After reviewing many available solutions, a large Dutch financial institution selected Insight as the app they trust to capture, document and assess all personal data, all while complying with GDPR principles.
Jump to the main takeaways:
This customer success story comes courtesy of Avisi, our platinum solution partner in the Netherlands.
The company in question, operating out of the Netherlands, is an expert in the field of sustainable banking. With nearly a million customers over multiple countries, their operations and revenue streams have increased significantly over time.
To best comply and the most recent General Data Protection Regulation (GDPR) policies in Europe, the organization started looking for a solution that would be able to:
- Capture all data related to their existing GDPR processes
- Document personal data usage as it relates to established GDPR requirements
- Ensure that their chosen solution would integrate easily with their existing digital ecosystem
After reviewing several possible software solutions, the institution deemed them either too costly or not well-suited to their specific needs. In the short term, they relied on spreadsheet technology to gather, process and display that data.
That is, until Avisi suggested that they use Insight as a solution. This customer already had experience using the platform, specifically to integrate a CMDB with their Jira Service Desk environment. That previous success buoyed their determination to think outside the box and use an unconventional platform to meet GDPR regulations.
The financial institution’s road to using Insight for their GDPR needs started with the creation of an object schema, which we’ll call their Data Processing Database. This schema is where they store all the details related to processes that use personal data.
As mentioned earlier, there were reams of existing data left in Excel sheets, with numerous tabs and references to account for. Thankfully, this meant that they already knew the information they needed to populate the object schema with.
That said, this also presented the organization with one of their biggest challenges: to map all the data from those Excel sheets into that Insight structure, as well as join the different data sheets so they could be imported correctly.
The image below is an overview of the different object types we built and the dependencies mapped between different assets:
The process began with Avisi working with the client to help them assess all of their data dimensions and subjects. From there, they drew it all out to see how each of those relates.
Once the data model was finished, it was configured in Insight. With the time and attention they spent data modeling, the configuration part was easy. Where the difficulty lay was in understanding and drawing the data model together with the customer.
Data modeling was a crucial aspect of making sure that the customer got what they needed. Understanding what problems might arise and what parts of their infrastructure would be involved allowed them to configure the database properly, giving support workers the ability to close tickets quickly and efficiently.
Most of the object types are for reference purposes, but Processing Activity ID is the object type for new processing activities. An example of a reference object type would be one used for various business units and locations, all of which link documented process to the appropriate asset.
The same goes for the Organizational Role, where roles are defined by the GDPR law and then linked to the appropriate role for each processing activity.
Capturing all their GDPR data in such a structured way allowed the financial institution to easily generate reports and track changes within their asset dependencies. This brought a huge amount of overall value to their operations, the likes of which they’d never experienced before.
Another great benefit is their ability to cross-reference their GDPR-related personal data with their existing Insight CMDB. This preconfigured information makes linking each process to the application or workflow it’s used in far easier for the organization than ever before.
For example, if a customer wants his/her personal data to be deleted from the company’s system, the team member responsible for issue resolution can immediately search for the Processing Activity ID, see in which applications are using which type of data (email, name, etc.), and determine if deletion is permitted (which it sometimes isn’t, for tax reasons).
The organization’s users with hands-on experience working in this new system are very happy with the solution. They find the platform easy to use, even for those who had never previously entered information in Jira. Knowing exactly what they wanted prior to beginning this project also made implementation quick and stress-free.
Avisi is a leading Atlassian Platinum & Enterprise Solutions Partner with over 10 years of in-depth experience helping customers overcome challenges related to Software Development, DevOps, ITSM, QA, and Agile at Scale.
Avisi was founded in the Netherlands in 2000. Since then, it has grown into a successful company with over 100 employees. As Atlassian Partner of the Year award winner in 2017, Avisi creates synergy between processes and tools to optimize effectiveness in all organizations.
From training to support, from maintenance to hosting, from migrations to consultancy, Avisi is your partner for everything Atlassian. They service all kinds of organizations, from start-ups to multinationals, small app developers to government and banks, and everything in between.
For more information on the powerful functionality that Insight offers, and how you can start your free trial today, click below!
Originally published Aug 16, 2019 9:00:00 AM