In the US, SOX and HIPAA compliance have led the way in establishing BI best practices around regulated information. Now, the EU’s implementation of the General Data Protection Regulation (GDPR) is leading the way in establishing new data privacy standards based on privacy by design.
How will your BI team meet these new demands?
The BI team will need to become even more vigilant about data privacy, implementing data inspection, protection and retention policies, along with the procedures and techniques to establish and enforce these policies. Once the policies are in place, their enforcement is largely a matter of BI system change management.
To manage BI system change efficiently and effectively (efficiency = doing things right; effectiveness = doing the right things, per Peter Drucker), the BI team needs to focus on three activities:
- Detecting change
- Effecting change
- Validating change
You detect change through system awareness and data inspection. You effect change to maximize data protection in a timely manner. You validate change ton ensure your actions achieve the desired results ‑ and only the desired results.
BI System Change Management at Boston Properties
Boston Properties faced growing requirements, from both their internal and external auditors, to document change in their BI system and demonstrate that their internal controls and financial reporting remain consistent and in compliance with SOX regulations. The regimen they adopted to detect and document change is an excellent start for BI teams seeking to grow their awareness of their BI system and establish GDPR compliance.
In a recent webinar, Boston Properties V.P., Application Development, David Pigott discussed how they established this BI system change management regimen for a balanced approach to changes in BI content, environment, usage and security. He noted that the effort had many benefits beyond simply complying with regulatory and audit requirements. These benefits extended to:
- BI operations
- Security controls
- Resource planning
- Corporate and information governance
It pays to regard the GDPR as an opportunity to realize these kinds of benefits for your BI system and your organization. BI teams need to look beyond GDPR’s requirements, and to see GDPR as a set of best practices that can improve their SAP BI platform management capabilities.
Note: this post is the fifth in a series of posts on the GDPR, including: