Wednesday, January 27, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

The Importance of BPM in GDPR Compliance

by Mark Holenstein
June 29, 2018
in Compliance, Featured
process workflow map

How Business Process Management Can Help Meet GDPR Requirements

Mark Holenstein of Signavio discusses how process optimization helps to better prepare companies for GDPR and other regulatory compliance through the internal processes. Process management is seen as one of the necessary organizational steps needed to ensure a business is most prepared, as well as documented in their procedures.

The General Data Protection Regulation (GDPR) is a popular topic of conversation among business professionals around the world. The law was originally introduced and implemented on April 27, 2016, and allowed a two-year post-adoption grace period for businesses to become compliant and introduce a new system. The formal enforcement date for fining noncompliant organizations took effect on May 25, 2018. A survey completed by BPTrends, a firm that follows process modeling trends, indicated that in some cases, European businesses surpassed U.S. businesses on GDPR compliance by up to 500 percent. The survey also found that European businesses were more prepared due to their sophisticated business processes. However, it should be noted that many European and U.S.-based businesses are adopting GDPR standards as good practice.

Business process management (BPM) involves how businesses study, identify, change and monitor business processes and modeling to ensure that they run efficiently while improving those processes over time. The data from the BPTrends report shows that no North American organization in 2017 had spent more than $10 million on business process work or improvements. In contrast, five European companies spent between $10 million and $50 million, with one organization investing over $50 million. Process management can assist both European and North American companies in their processes when they become GDPR compliant; however, the emphasis on processes in Europe explains why those businesses are much more prepared.

With any organization looking to become GDPR compliant, processes must change to better protect the organization and implement new workflows. New plans must be drawn up for each organization, as well as documented and communicated to internal stakeholders, thus creating new processes. Much of the focus around the GDPR has been on data and data protection, rather than on processes, which are equally as important for companies affected by the regulation. Keeping up with the tracking and reporting required to achieve regulatory compliance can cost organizations considerable time and resources. Without an efficient system, it’s no doubt that an organization could easily fail to maintain compliance or efficiently keep up with internal deadlines that may require consent under the GDPR. For example, some of these processes might include ways in which an organization deals with a data breach, documents that breach and secures their systems to prevent future problematic implications. The way a business handles consent and data management in compliance with GDPR is all through their internal processes.

Well-functioning process management is essential when it comes to avoiding monetary penalties, yet many organizations do not see this as self-evident. A BPM system gives businesses the tools they need for rapid reaction to regulatory change. Compliance management is thus made easier, and complex rule sets are replaced by compliant and functioning processes. A business process management system is able to identify regulatory violations and risks in daily processes, ensure employees are correctly carrying out critical decisions, incorporate compliance changes into processes and ensure seamless traceability of new processes.

For example, any company that conducts business in the EU or with EU citizens, otherwise known as “data subjects,” must be within compliance. For a company like Cola-Cola that does business internationally, the processes of compiling and storing their company data must be addressed. The GDPR states that any company posing a risk to EU data subjects can be fined up to 4 percent of their global revenue, or €20 million, whichever is greater.  If Coca-Cola was to experience a data breach of this information, they could potentially be fined up to $1.1 billion, based on their 2017 revenue of $35.41 billion.

Process optimization not only prepares these companies for GDPR, but also provides workflow acceleration and process intelligence. All are critical to successfully implementing new GPDR regulations within an organization. Some basic operations of a BPM system include defining framework based on legal and standardized requirements; identifying, documenting and prioritizing risks; and assessing controls with supporting processes, procedures and test activities. Implementing these workflow processes to manage risk and controls is of the highest importance, as it allows for a business to monitor and report while continuously improving.

Effectively translating strategy into action is the cornerstone of business transformation, and using a BPM system assists in creating positive behaviors and mitigating threats businesses will encounter as the organization embarks on their journey to GDPR compliance through process management.


Tags: GDPR
Previous Post

Penalties for Corporate Offenders in Australia Set for Significant Change

Next Post

90 Percent GDPR-Audit Failure Rates Ahead

Mark Holenstein

Mark Holenstein is COO at Signavio, a leading provider of business process management solutions, where he is responsible for sales, customer service and marketing. For more information please visit www.signavio.com.

Related Posts

folder of Chinese apps blacklisted in the US (QQ, Alipay, CamScanner, WeChat, SHAREit, WPS Office)

EO Sets in Motion Ban on Transactions with Chinese App Developers and Owners

January 27, 2021
invisible man in black on neutral background

The Curious Absence of Corporate Monitors

January 27, 2021
businessmen in miniature studying volatile stock market

The Risk of Undervaluing Culture in a Volatile Market

January 27, 2021
digital cybersecurity and network protection

Vetting Vendors’ Cybersecurity

January 26, 2021
Next Post
rubber "fail" stamp

90 Percent GDPR-Audit Failure Rates Ahead

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights