The System Integration Insight Blog | Starlify

Digital transformers and compliance heroes - friends or enemies?

Written by Gustav Rosén | Nov 9, 2020 1:46:51 PM

Every hero needs an enemy

If you’re doing duty in the same enterprise battleship as a digital transformer and a compliance officer, you will most likely see sparks fly when they meet on the topic of consumer data in your business. The battle between the two often plays out with a set of tactical shields held by the GDPR officer and tactical weapons wielded by the digital transformer. If played out to its end, it will develop into a battle royale with two weapons of mass destruction that will hurt your company:

  • Digitalization nuke: 4% annual revenue loss if not developing the consumer experience
  • GDPR nuke: 4% annual revenue loss if not meeting GDPR compliance

Tactical Shields of the GDPR officer

  • Global Data Protection Regulation Docs
  • Binding Corporate Rules (BCRs)
  • GDPR Consent
  • GDPR Data Controller
  • Data Erasure
  • The right to be forgotten
  • GDPR Data Processor
  • GDPR Data Sub-processor
  • GDPR Data Subject(s)
  • Main establishment
  • Privacy by design
  • Pseudonymisation
  • Subject Access Right
  • Anonymisation
  • Reporting data breach

Tactical Weapons of the Digital transformer

  • Omni-channel consumer experience
  • Consumer recommendation engines
  • Instant consumer insights
  • Operative consumer analytics
  • Consumer loyalty programs 
  • Behavioural analytics
  • Event streaming consumer data
  • Social media consumer sharing
  • Consumer data machine learning
  • Consumer Internet of Things
  • From consumer mobility to wearables
  • Consumer 3rd-party marketplaces
  • AI for 24/7 Consumer Services
  • Consumer tracking

So what to do if you see these two characters start pulling their tactical shields and weapons against each other?

Team up ...and battle together! 

My 5 cents is that the internal fight can be calmed quickly by directing focus to the competition. It is logical to see that the top businesses that win in the marketplace likely use both weapons and shields. That is, it is not only a great consumer experience that wins these days, but also assuring your consumers that you handle their personal data with trust and in accordance with your promises. Hence, the real nuke in GDPR is lowered customer trust, not the GDPR penalty.

A SHARED battle prep CHECKLIST

Take shelter (team up in a meeting room) and go through the 30-second checklist below.

Your company has 1-2-3...

  1. a list of personal consumer information (i.e. the type of information)
  2. a list of places where you keep this personal consumer information
  3. a clear view of how personal consumer information flows between the places

This is "prio 1", "top 3", "the bread and butter". ...ok, you get it, without this you're toast!

...answered "ehh...no" to any of these? Then check the impact below:

 

Tactical Shields of the GDPR officer

  • Global Data Protection Regulation Docs
  • Binding Corporate Rules (BCRs)
  • GDPR Consent
  • GDPR Data Controller
  • Data Erasure
  • The right to be forgotten
  • GDPR Data Processor
  • GDPR Data Sub-processor
  • GDPR Data Subject(s)
  • Main establishment
  • Privacy by design
  • Pseudonymisation
  • Subject Access Right
  • Anonymisation
  • Reporting data breach

Tactical Weapons of the Digital transformer

  • Omni-channel consumer experience
  • Consumer recommendation engines
  • Instant consumer insights
  • Operative consumer analytics
  • Consumer loyalty programs 
  • Behavioural analytics
  • Event streaming consumer data
  • Social media consumer sharing
  • Consumer data machine learning
  • Consumer Internet of Things
  • From consumer mobility to wearables
  • Consumer 3rd-party marketplaces
  • AI for 24/7 Consumer Services
  • Consumer tracking

The items marked yellow will be really hard, and the items marked red will be impossible or very limited, due to the lack of complete consumer data flow insight.

Note: The above "top 3" is NOT enough to meet GDPR and compliance. 

E.g. in addition you should have a privacy policy with a lawful (not an awful ;) basis for data processing, (in most cases) an appointed DPO (data protection officer), GDPR awareness among decision makers, up-to-date tech security, staff training on GDPR, etc.

All of this can be listed over a snack by the compliance officer (and there are plenty of checklists online).

The point of this post is that with complete consumer data flow insight you are not only geared up for compliance, by being in control of the consumer data, where it's located and how the data flows between the places. You will also be ready to create a fantastic consumer experience and beat the market competition by putting not only the shields but also the weapons into play.

 

Let me take a win-win example: The right to be forgotten

It is the promise to your consumers that if they, for some reason, would like to stop using your products and/or services, you will promptly ensure that all parts of your business get rid of the consumer data. How can you keep this promise? Only by knowing 1) the personal consumer data tracked, 2) where it is stored and 3) how it is spread across your organization.

If you don't know this, it will be really hard not only to forget (delete) the data but even to serve up a list of data processors and/or sub-processors as part of your EULA / EUT (end user license agreement / end user terms), as you don't know which applications the personal consumer data spans. And now to the beauty... 1-2-3 is not only a compliance shield but even more a digital transformer enabler that powers basically all of the above tactical weapons. "If you know better, you do better" and can also reap the full benefit of the consumer data - from omni-channel experiences to consumer loyalty programs and behavioral analytics.

The solution – The consumer application network 

How to do 1-2-3 efficiently? We have the answer! Starlify for application networking efficiently registers and visualizes not only personal consumer data but all your company's information assets, their locations and, foremost, how the information flows in your application network.

You can put Starlify to play in just minutes to solve 1-2-3.

In order to get a clear view of your consumer application network, you need to tag the consumer parts of your full application network in Starlify. Below is a selected end-to-end flow of consumer data in Starlify, highlighted in a complete application network.

 


Distinguish your consumer application network

Once tagged, you can highlight and filter out the personal consumer data. As a next step, add processors and sub-processors so you always have an up-to-date list for your EULA / EUT.

Reader's question:
Well, all good, but how to get the freaking data in there in the first place?!

This is the beauty of Starlify. The idea of Starlify is NOT another spreadsheet listing or EA tooling for "ivory tower architects" but a SaaS for democratized application networking and decentralized connectivity collaboration. 

With Starlify you can invite all your system owners and collaborate to keep the application network, including the consumer application network, updated.

Option A - GUI view edits

Option B - Import/Export CSV

Option C - API calls with JSON

Option D - API imports of YAML 

...yes, Option D is the very same way DevOps application teams update API portals by Swagger/OAPI specification imports from their build pipelines.
...and yes, there is an on-premise option if you (shiver when hearing SaaS / Cloud or) simply need to keep your application network data in your own data center for compliance.

Get GDPR compliant AND boost your consumer experience

Use Starlify to create your application network in no time from your existing API catalogues and other integration catalogues.