To execute an effective GDPR solution there are six infrastructure building blocks that you should have in your solution implementation.  Establishing the right level of automation for these components will deliver the required oversight of your data sources and data exchanges as well as providing the the framework for your leadership and team to be efficient and effective in using and controlling the data.  

Infrastructure Overview

Page 1.png

Infrastructure Building Blocks

Data Catalogue Data Catalogue A data catalogue records the details of the data held across your business. In a 'Basic' Form this could be an manually maintained Spreadsheet in best practice the cataloguing tool continually scans your estate and creates an actively maintained searchable catalogue. A catalogue is key to tracking that you are managing personal data, underpins Subject Access Requests and enables consent management.
Data Quality Data Quality Article 5 of the regulation requires that personal data you hold is up to date and accurate. In a 'Basic' solution this would be regularly manually checking Data Quality using the Data Catalogue as a guide to were the data is held. In 'Best Practice' a Data Quality tool would continual scan for Data Quality issues flagging and correcting as required.
Data Governance Data Governance To effectively manage your GDPR compliance you need to document and manage who supervises each item of data, that permissions and consents are captured and managed for each data point, how the logical data model of the business maps to the physical data model, what data is held by third parties on your behalf and if so are the data processing contracts GDPR compliant, is data being held or sent internationally and have you documented process flows as required by article 30. In a 'Basic' solution this could be an extension of the Spreadsheet that you are using as a Data Catalogue, in 'best practice' this is a Data Governance tool.
Single Customer View Single Customer View In order to effectively manage Permissions & Consents you need to be sure that permissions captured for a person on one source are matched to permissions captured for that person on other sources. Given the variations in identifying details a robust method for matching people records is required. Similarly when servicing a Subject Access Request being able to identify all variations of a persons identity across your systems is critical if you are to ensure you are reporting back on all data you hold on the requestor.
Subject Access Request Subject Access Request Subject Access Requests, Erasure Requests, Data Rectification Requests and the other Individual Rights Requests require not only a Data Catalogue and Single Customer View to find the required data quickly but a process to case manage the requests, ensure that you correctly identify the requestor, compile the data, approve the action and evidence that the action was taken. A 'Basic' solution is to use a spreadsheet to manage the workflow and document the case. 'Best Practice' is to use a workflow tool integrated with the Data Catalogue and Single Customer View.
Permission & Consents Management Permission & Consent Management Articles 6,7,8,18 and a number of others describe your requirements to clearly and transparently capture and manage consents and permissions. In a 'Basic' solution you may use a spreadsheet to master the Permission & Consents statements and then federate these out to systems in which your clients and prospects interface with your business. In a 'Best Practice' implementation a Permission & Consent Management Hub is deployed to automate the capture and management of citizens permissions.

Integrations overview

Page 1.png
page 2.png

Selecting the Infrastructure for your business

Depending on your business data volumes and complexity you will select a varying level of tool maturity and scalability to deploy. The table below provides a summary of the options.

Maturity & Scalability Data Catalogue Data Quality Data Governance Single Customer View Subject Access Request Permission & Consent Management
Best Practice Data Catalogue Tool Data Quality Tool Data Governance Tool Master Data Management Hub Data Catalogue Tool Permission & Consent Management Hub
Digital Applications Web Application Web Application with PL/SQL code fragments Web Application Machine Learning Matching Web Application Web Application with Federated Deployment
Basic Spreadsheet Manual Spreadsheet No Options Manual Spreadsheet with Federated Deployment