Ensure GDPR Compliance with LeanIX


  1. ENSURE GDPR COMPLIANCE WITH LEANIX (ADVANCED LEVEL). 22nd November 2018. Patrick Schober, Customer Success Manager @LeanIX
  2. WIFI: Leanix, Code: EAconnectdays2
  3. The General Data Protection Regulation, or GDPR (EU 2016/679), is a regulation of the European Union introduced to improve and unify personal data protection of individuals within the European Union. It entered into application in May 2018.
  4. We help to understand and optimize IT Architectures: Application Rationalization. Stay compliant and help prevent penalty fees. GDPR in LeanIX. “GDPR drives maintenance of our LeanIX inventory. LeanIX provides GDPR a harmonized inventory as basis for documentation” - Andreas Bosch, Enterprise Architect, McKesson. Use GDPR as a driver for maintenance of your LeanIX inventory. Save operative costs (and nerves) preparing a Data Protection Impact Assessment (DPIA).
  5. Only basic Fact Sheet Types are needed to start Application Rationalization with LeanIX. LeanIX Scope for handling GDPR:
     1. GDPR-related data is maintained mainly at the Application Fact Sheet
     2. Relationships to Data Objects, Interfaces, and IT Components need to be established
     3. Basic configuration is recommended to meet GDPR requirements

     [Figure: Major Fact Sheet Types and relations for App Rationalization (Provider, IT Component, Project, User Group, Data Object, Interface, Application*, Tech. Stack, Business Capability, Process) across Technology Architecture, Information System Architecture and Business Architecture. * Configuration recommended]
  6. Application as the central Fact Sheet to model GDPR in LeanIX. Fact Sheet Configuration:
     1. New section on the Application Fact Sheets
     2. Capture information directly based on the GDPR regulation: Reason for processing; Legal Basis for processing; General relevance of Application for GDPR

     Hint: Additional information like “Cross-Border Transfer” or “Category of external recipient” might be added to cover additional details.
  7. We configure an additional Fact Sheet section upon your request.
  8. Related Data Objects (PII) and IT Components (e.g. Hosting Services incl. location). Relations you need for your GDPR use case:
     1. Relate the Data Objects to the Applications, esp. Personally Identifiable Information (PII), and tag them accordingly
     2. Relate Applications to the necessary IT Components and maintain their location (e.g. Hosting Service, location: US)
     3. Maintain Interfaces that are provided by an Application and relate them to the receiving Applications (e.g. using SAP PO Integration)
  9. Start with basic information and gather more details iteratively.
  10. Subscriptions will give you insights about responsibilities from a technical and legal perspective. Adding subscriptions:
     1. Make sure responsibility for every Application is clear
     2. Differentiate responsibilities by introducing “Application Owner” (Data Processor) or “Data Protection Officer”
     3. Subscriptions help you to have a primary contact, if you need them (e.g. as part of an official GDPR “Procedure Index”)
  11. Start with basic information and gather more details iteratively.
  12. Link all your relevant documents on the Fact Sheet to easily hand them out upon request. Adding Documents:
     1. Link documents from your Content Management System in LeanIX
     2. Access all relevant data as you need more detailed information (e.g. on SLA, NDA, Security)
     3. Hand out all relevant links as regulatory bodies (IT Security, Auditors, Revision, …) require you to do so
  13. LeanIX makes it easy to access all relevant documents.
  14. The survey helps you gather additional GDPR-related data or access your experts to fill out your Fact Sheets. Surveys: Power Features:
     1. Gather information that goes beyond the attributes on the Fact Sheet
     2. Enable experts to maintain Fact Sheet data in the survey. Low entry barrier!
     3. Send out “Standard Surveys” on a regular basis to comply with regulatory requirements

     Hint: We publish survey templates on an ongoing basis in our product documentation and our public GitHub repository.
  15. Entering data in reports massively lowers the entry barrier to LeanIX for new stakeholders. *Survey available on https://github.com/leanix-public/surveys
  16. The Application Landscape gives you the chance to plan the compliance of your Applications in a business context. Viewpoint: Enterprise / Solution Architects:
     1. Where are Applications in use that are highly GDPR relevant?
     2. Are the Applications still supported by up-to-date technology?
     1. What is the Data Flow of Personally Identifiable Information?
     2. Is my project handling Personally Identifiable Data?
  17. LeanIX provides you with an ad-hoc and easy-to-filter Procedure Index. Viewpoint: Data Privacy Officer:
     1. Have all GDPR-relevant Applications available without any hassle for your Data Protection Officers. They will love it!
     2. Hand out tables to auditors, revision, and other stakeholders based on a single-source inventory
     3. Actively include your Data Privacy Officer in your daily work
  18. Create lists to hand out to your main GDPR stakeholders without any hassle.
  19. Key Takeaways: Data model easily adaptable to capture GDPR-relevant information; Opens door to new strong stakeholder and use case; Views and Reports that answer audit requests on an ad-hoc basis
  20. WIFI: Leanix, Code: EAconnectdays. THANK YOU! Any Questions?
