In managing the security of business roles, the ERP system, and data, your organization needs to remain accountable to all the compliance mandates that affect your operations. Because roles, ERP, and data cannot be separated from the business processes that structure all activities within your organization, you also need to include all the workflows and processes in planning compliance and security.
To-Increase RapidValue BPM suite, a business process management tool in use at many different organizations, provides the means to sync business processes with the ERP system and align both business activities and ERP with your company’s objectives and strategy. All organization-specific GRC (governance, risk management and compliance) and GDPR business processes and flows can be mapped as a solution in RapidValue BPM Suite.
RapidValue BPM Suite helps you create the data model, application model, process model and business process model for your organization. All GDPR-related vision, mission, goals, and metrics (for example, MTTI (Mean Time to Identify) and MTTR (Mean Time to Resolve) in case of a breach) can be mapped in RapidValue BPM Suite and can also be linked to your process model. This helps you identify the applications that have a touch point with personal data (PII).
The RapidValue BPM Implementation Workspace provides your GDPR team a perfect tool to gather evidence, track compliance of those applications across functional groups, and provide a complete project orientation across your GDPR compliance journey.
Achieving GDPR compliance with RapidValue BPM suite:
- Define your organization’s GDPR vision, strategy, goal and maps in RapidValue BPM Suite.
- Create a GDPR Compliance Journey solution in RapidValue BPM Suite.
- Import GDPR requirements and descriptions, and map your policies in RapidValue BPM Suite. This includes all data subject requirements and privacy requirements as well.
- Map third-party and different member state governance.
- Map Enterprise Risk, remediation, compliance and resiliency process in RapidValue BPM Suite.
- Capture specific audit requirements in RapidValue BPM Suite. For D365 for FOE, To-Increase Security and Compliance Studio helps you track close to 40 different event types.
- Personally Identifiable Information (PII) mapping across your organization flows. Highlight all Business processes, flows and activities with PII or PHI data.
- Identify the key data elements as PII or PHI Data Objects in RapidValue Data Objects. This includes data items (name, email address, health data, credit card info, biometrics, location data, and criminal records), data formats (paper records, database, and digital like USB, etc.), data locations (on premise, cloud, third party, and different member state) and data transfer methods (internal, external, social media, mobile, posts, etc.).
- Scope and phase out your GDPR compliance project. Phase the separate compliance project activities into Discover, Define, Develop, Deploy and Sustain milestones in RapidValue BPM Suite.
GDPR Organization process and application model mapped in RapidValue. Organizations may need investment in ISV or other applications to meet GDPR data subject rights as mentioned in Chapter 3 (Articles 12-23), Rights of the data subject.
- Do a Fit-Gap analysis so that there are no gaps in your compliance efforts to meet the deadlines.
- Analyze Gaps to create System requirements. Push these requirements to VSTS for subsequent development work.
- Conduct Data Protection Impact Assessments (DPIAs) using RapidValue as the base.
- Conduct a Data mapping exercise in RapidValue BPM suite. Store all DPIA related “Questions” as RapidValue Solution Questions. These can be used whenever a DPIA Exercise is done.
- Use RapidValue BPM Suite to create Acceptance Test plan, Test specifications and Report.
- Perform the acceptance test involving all flows with Personally Identifiable information (PII) in D365 for FOE or other applications.
- Once GDPR compliant, use RapidValue BPM suite as the primary business process management and knowledge management tool across your organization.
GDPR Organization model mapped in RapidValue to detail GDPR governance structure, departments, roles and positions.
- And finally, maintain and continuously evolve your business processes to keep them relevant.
Example data flow with sensitive data identified during DPIA (Data Protection Impact Assessment) in RapidValue BPM suite:
RapidValue BPM suite helps you identify, capture, categorize and analyze all activities which involve dealing with personally identifiable information or protected health information. An example of a retail sale is shown below. The flow activity highlights any PII data processing in an activity.
All business processes, flows and activities related to GDPR compliance can be sorted easily to identify an organization’s exposure and help it focus on high-risk areas. This helps prioritize the activities as well.
To conclude, RapidValue BPM suite lets you understand and determine how your business runs by designing a business model that indicates the dependencies between people, processes, and systems. Set your direction by defining strategy and goals, and mapping them to processes. Empower employees by giving them direct access in Microsoft Dynamics 365 to all process details they need to know.