BPM.com
  1. Peter Schooff
  2. Sherlock Holmes
  3. BPM Discussions
  4. Thursday, 26 April 2018
As quite a few folks from Europe attend bpmNEXT, the GDPR, or the General Data Protection Regulation, was a hot topic at the conference. So do you think BPM is key to managing the new requirements of the GDPR?
Keep it simple - #GDPR as an #BPM application - see ref [1].

Thanks,
AS
References
  1. http://improving-bpm-systems.blogspot.com/2017/06/gdpr-as-bpm-application.html
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 1
Absolutely a great approach to manage GDPR requirements and operationalizing those requirements into a business operation. Furthermore, BPM is the foundation that will manage the actions within GDPR - business rules, processes policies encapsulated in a BPM platform will manage the needs and outcomes to fulfill the requirements. We are just scratching the surface of new business requirements that GDPR is forcing organizations to adopt, how organizations will change their respective business models/processes and institute in their respective operations. Incredible opportunities ahead given this GDPR challenge...
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 2
Key, for sure, for those who recognize that GDPR is all about process steps that pick up/display data and, on a need-to-know basis, share the data.

The basic principle is the more data you allow to get out of your hands, the higher the risk of inadvertent or purposeful disclosure.
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 3
We have seen several approaches, within a broader process spectrum, of blockchain for enhanced case tracking and also ECM vendors (naturally) jumping in, offering document lifecycle management as components toward GDPR compliance.
In general, as with most compliance waves, I think it’s important to avoid falling into the hype and ending up with an overkill in budget and solutions, firstly validating what can be accomplished with existing platforms the user has at his/her disposal.
NSI Soluciones - ABPMP PTY
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 4
GDPR is an excellent use case for a BPM approach and a supporting BPM-flavoured technology.

As for blockchain, God, I can't even... I'll just ask this - did anyone actually talk to distributed computing experts to see that there are a lot of technologies that achieve the design objectives of blockchain while being incomparably faster and cheaper? Global consensus for each transaction is suited for very few actual business environments, where there's zero trust between parties (such as currencies) - in most other cases blockchain is unnecessarily slow and expensive.

Also, related to GDPR -- how does one reconcile "the right to be forgotten" requirement with the "immutable ledger" concept of the blockchain?
CEO, Co-founder, Profluo
Comment
RE "Also, related to GDPR -- how does one reconcile 'the right to be forgotten' requirement with the 'immutable ledger' concept of the blockchain?" For example, encrypting data in the BC with "individual" keys and destroying those keys to forget the data.
RE "Global consensus" What is such consensus about? Business aspects (who can carry out a transaction) or technical aspects (integrity of its audit trail)? Sometimes you need both of them in the BC (e.g. for avoiding the double spending in Bitcoin). In a properly architected system, such aspects are clearly separated thus the BC may be considerably more efficient. Unfortunately, blockchain-programmers see everything else as an application for their favourite technology.
Creating and destroying individual encryption keys sounds overly expensive (computationally)... and of course it's still crackable, given enough time.
So, yeah, as you said, BC folks see everything as an application of BC. Which makes me think it's a solution in search of valid problems (outside that one valid case of zero-trust, low-frequency trading).
Awesome observation on block-chain relevance versus complexity!
  1. more than a month ago
  2. BPM Discussions
  3. # 5
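The key-destruction approach raised in the comments on post # 5 (encrypt each person's data on the ledger under an individual key, then destroy the key to forget it) can be sketched as below. This is an added example, not part of the original thread; the class and function names are hypothetical, and the SHAKE-256 keystream is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, json, secrets

def _stream(key, nonce, data):
    # Stand-in cipher: XOR with a SHAKE-256 keystream (assumption, stdlib only).
    # A production system would use a vetted AEAD such as AES-GCM.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Append-only hash chain: blocks are never edited or removed."""
    FIELDS = ("subject", "nonce", "ct", "prev")
    def __init__(self):
        self.blocks = []
    def append(self, subject, nonce, ct):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"subject": subject, "nonce": nonce.hex(), "ct": ct.hex(), "prev": prev}
        self.blocks.append({**body, "hash": _digest(body)})
    def verify(self):
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != _digest({k: b[k] for k in self.FIELDS}):
                return False
            prev = b["hash"]
        return True

class KeyStore:
    """Off-chain, mutable store: one random key per (pseudonymous) subject id."""
    def __init__(self):
        self._keys = {}
    def key_for(self, subject):
        return self._keys.setdefault(subject, secrets.token_bytes(32))
    def get(self, subject):
        return self._keys.get(subject)
    def forget(self, subject):
        self._keys.pop(subject, None)  # erasure request: destroy the key only

def record(ledger, keys, subject, text):
    nonce = secrets.token_bytes(16)  # fresh per entry so keystreams never repeat
    ledger.append(subject, nonce, _stream(keys.key_for(subject), nonce, text.encode()))

def read_all(ledger, keys, subject):
    key = keys.get(subject)
    if key is None:
        return None  # key destroyed: ciphertext remains but is unreadable
    return [_stream(key, bytes.fromhex(b["nonce"]), bytes.fromhex(b["ct"])).decode()
            for b in ledger.blocks if b["subject"] == subject]
```

The ciphertext stays on the ledger after `forget`, so the erasure is only as strong as the cipher and the assurance that no copy of the key survives in backups or caches.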
I see this along the same lines as HIPAA, Sarbanes-Oxley, FATCA, and Dodd-Frank - the need to have a system in place to distribute, track and audit policies and procedures around implementing these types of regulations. So, a BPM solution is a perfect choice. Even further a content-enabled BPM solution so that any procedures documented can be sent along with notifications, archived with audit logs of what happened during the review process, etc., even automatically distributing the finished policies when it's time for review.

To take it down to another level, consulting firms like the one I work for, need to be able to swap out the "face" of a solution in order to market it to the latest "thing" coming down the pike. Compliance issues like this are always popping up and while we have a standard BPM solution that handles notifications from Compliance to other departments, if it doesn't have the current terms for the problem of "today" it's not as flashy.

We're faced with having to take an existing solution we feel covers 75-80% of the topic at hand and then changing some labels, some dropdown options, perhaps modifying process flows just slightly, etc. to brand the existing solution as a new one. Having a BPM platform that makes this easier to do is important but that veers off the topic trail.

Yes, BPM is the right solution. Our challenge is getting the right face on it so we can market it quickly while the iron is hot.

I'll see if I can include more cliched analogies for the next question of the day. :)
Managing Director
ClearCadence, LLC
http://www.clearcadence.com
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 6
Brian Reale
Blog Writer
We think so. In fact, we made an announcement about it at RSA last week regarding a lightweight DSAR product that has been built on our new product - workflow as a microservice engine. See link below.
References
  1. https://globenewswire.com/news-release/2018/04/18/1481016/0/en/Data443-Integrates-ClassiDocs-with-ProcessMaker-to-Power-Fast-Accurate-Response-to-Data-Subject-Access-Requests-DSARs.html
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 7
BPM plays an especially important role in all situations related to regulations and compliance. This is not accidental. Any regulation is a set of requirements and complementary procedures necessary to fulfill these requirements. Therefore, conformance to requirements can and should be expressed in a form of a business model. GDPR is just another standard to prove this common rule together with ISO, HIPAA and many others.

Especially, in case of GDPR one may even say that its implementation literally boils down to BPM and process adjustments. How else can one plan, implement and prove GDPR compliance, if not through process driven system design? It is fairly unlikely that GDPR will cause total replacement of existing digital business platforms. Instead, platforms will be adapted to follow GDPR procedures, in other words, processes.

We may think of GDPR as one of the world's biggest BPM initiatives bringing process driven practices into the daily routine of every business.

https://caseagile.com/wp-content/uploads/gdpr_process.jpg
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 8
GDPR is basically about giving assurance on accountability and security. BPM is a ready made driver for accountability with supporting software which can readily track activity. As ever nothing remains static at this operational end of any organisation including government and as such needs a new mind set in contrast to the silo based hard coded inflexible legacy which allowed that gap to emerge between people and such systems. Looks like GDPR is a formalised recognition of this serious deficiency in existing systems and may open the door for BPM skills and see next generation "outside in" software development become the driver?
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 9
For those interested, a fairly comprehensive summary of GDPR

ISSUE DATE: 1 May 2018
TOP STORIES
GDPR: An overview of the latest data protection legislation
The forthcoming General Data Protection Regulation (GDPR) will have wide-ranging implications for every organisation that processes personal data, writes Dai Davis.
READ MORE → http://ed-link.techtarget.com/r/SP4L07B/MRADVG/PC37HJ/FY9JR3/QPZGV6/NN/h?a=20465073

Both block chain and GDPR involve operation process assurance and that takes you to BPM...
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 10
GDPR is important, with high risk. And lots of detail work -- a.k.a. "work" in a complex multi-actor, multi-asset universe. And the need for accountability, transparency, granularity and flexibility. That means good data models, good rules management (as first-class capability) and good process management (as first-class capability). As I have written elsewhere, "BPM is the technology of the work of business" -- this is true also of "the work of privacy".

So -- the question could be, how can one NOT use BPM software technology (along with data and rules technologies) to manage the requirements of GDPR? The alternatives are worse in every dimension.
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 11
Any regulation, and GDPR is no different, introduces a process. Even if at first companies think they can simply wing it and be GDPR compliant to start off, once a few companies get slapped with lawsuits, as is starting to be the case, then processes are a must have. For example, an online publisher must now have a cross departmental process in place when introducing a new marketing tag to the website. The new service needs to be in place in the CMP, in the ads.txt, in the privacy policy, etc. It's no longer just an involvement of marketing or ad operations but legal, web content management, development, etc. For instance take this checklist which basically makes the whole process of "dropping a tag" on your website a lot more complicated than it once used to be. Now imagine you're doing this all the time and you will be in need of BPM to get it done right and avoid data breaches, costly data breaches.
References
  1. https://www.namogoo.com/blog/the-ultimate-gdpr-compliance-checklist/
Comment
  1. more than a month ago
  2. BPM Discussions
  3. # 12