Planview Blog

5 Tips to Get Started with GDPR

An opportunity for enterprise architects [Part 1]

Published By Nicola McCoy

When it comes to data privacy in the European Union (EU), the clock is ticking. In less than one year, on May 25, 2018, the most sweeping change in data privacy regulation in 20 years will go into effect for consumers and businesses throughout Europe. Here are the quick facts about the General Data Protection Regulation (GDPR):

  • It gives people more say over what companies can do with their data
  • It makes data protection rules consistent across the EU
  • It affects organisations that offer goods and services within the EU and have customers and employees based there
  • It introduces tougher fines for non-compliance and data breaches

For details, visit

An Opportunity for Enterprise Architects

At the business level, this new regulation puts millions of pounds, euros, and dollars at stake if organisations fail to properly protect sensitive personal information, in addition to the unquantified damage such a failure could do to a brand’s reputation.

This is an opportunity for IT and enterprise architects to show their value to the business.

Because organisations will be obligated to protect personal data as a corporate asset, they must understand how it is being used—and leaders will look to IT and enterprise architects for this information to support decision making. More importantly, as part of the new standard, companies can only use the data collected for its stated purpose—so having insight into how personal data is being used will be imperative to compliance.

IT and enterprise architects are in the best position to help the business understand how data is being used to not only support customers, but advance strategic initiatives such as digital transformation.

Do I have your attention? Now what?

5 tips to help you get started with GDPR compliance:

  1. Identify stakeholders from key groups in the company and create a committee
  2. Work with those stakeholders to ensure they understand what GDPR is, how it will affect your organisation, and how YOUR team will support them
  3. Schedule a meeting to discuss which departments, technology, processes, and data could be impacted
  4. Put a plan in place for adhering to the regulation within your organisation
  5. Begin documenting information assets that contain personal data and how it is used within the organisation (Planview can help you with that!)

GDPR is a hot topic for organisations operating within the EU. Register for the webinar, GDPR—An Opportunity to Better Understand and Transform Your Organisation, for more information on GDPR and how IT and enterprise architects can support the business and achieve compliance. In my next blog, I will discuss what questions you need to consider when assessing your data and information portfolio—now and in the future.

Written by Nicola McCoy, Managing Consultant

Nicola McCoy has over 20 years' experience working within information security, enterprise architecture, global technology, and enterprise software roles. She has deep experience in helping organisations to understand operational resilience, information security, and how to manage risk within a connected enterprise, while communicating their current risk posture to senior (C-level) stakeholders. Nicola works with many of our customers to implement solutions that support recording, reporting and analyzing risk across the enterprise. Prior to working for Planview, Nicola was a key member of the Global IT Security and Global IT functions within PricewaterhouseCoopers, where she was a thought leader in information security policy, strategy, and standards.