neděle 29. října 2017

GDPR is NOT an IT project, it is a Complex Change Program!

GDPR is NOT an IT project, it is a Complex Change Program!
18 SEPTEMBER 2017 
Článek byl publikován na portálu:
Plné znění najdete na adrese:
Cituji vybrané části textu:
"The complexity of GDPR poses the challenge of how to address the requirements; some regard it as an IT project since it (partially) relates to information stored in systems and applications. Others regard it as an Information and IT Security Initiative driven by the need to protect information." 
"...there are several functions and areas in an organization that need to be involved and interact in the change journey. Only working together in coordination can an organization ensure to avoid potential fines and implications to the organization's brand."
"As an example, see the request below from a former employee, requesting information to be deleted, that lacks any legal basis to be stored or further porcessed: 
Příklad - Požadavek: "Delete all information about me that has no legal basis to be stored"
- Where do we have personal data stored?
- What data do we have to remove and what data do we need to store?
- What 3rd parties may have data that we need to delete?
- How to delete all data in an efficient way?
"A “simple” request of deleting information has an impact on several functions in an organization:
All departments - IT - Procurement - Managers and employees - ‘Servcie Desk’ - Legal advisors" 
"There is a need for a Cross-Departmental Change Program or a Transformation Program."
"Hence GDPR should not be deemed as an IT or Information Security project, instead a Program of Complex Change  that needs to address all areas and departments in the organization."
V textu je uveden odkaz na článek 
" ... about the difference between a change program and a transformation program" na adrese: