A reflection in the wake of GDPR.
We know Enterprise Architecture, EA, as the architecture for an enterprise with the ambition to become efficient in managing, developing, and maintaining its business. Without EA, changes oftentimes are executed inefficiently, resulting in increased risks as well as higher costs, which in addition tend to worsen over time. Naturally, companies regularly face situations where large and risky investments need to be carried out. This can easily become an IT focus, resulting in supplier-controlled implementations.
We also know that the requirements on corporations and organizations are increasing regarding adherence to new legislation, and these also tend to be increasingly complex to manage. What ought to be done, what must be done, how, and at what cost are central issues for an implementation and are often delegated to a General Counsel or a Chief Compliance Officer to manage. GDPR implies requirements on control mechanisms, where proper management of processes, information and systems provides powerful support for an implementation. Without an enterprise architecture, even implementing the legal aspects as an isolated event becomes inefficient, resulting in high costs and increased risks. Management’s perspective on regulations is oftentimes nothing more than minimization of business risk, a necessary evil at the lowest possible cost.
Well, dear reader, you can probably see where this is going, can’t you? But is enterprise architecture the remedy for everything?
Let’s think about this for a while. New regulation is a result of the endeavor of states to manage unwanted behavior in society. The ambition is set by our politicians, isn’t it? Such as creating effective markets, creating transparency and openness, standardizing, fighting uneven discrepancies, promoting common values, defining rules. Well, the list is long, and many of the ambitions point in the same direction, i.e. setting good, long-term conditions for corporations and organizations to develop.
An enterprise architecture gets its driving forces from the same source, doesn’t it? The similarity is striking from this perspective. Enterprise architecture wants to accomplish the same things but has its significance and impact in the internal perspective. A well-designed enterprise architecture benefits all types of change requirements, whether they are internal or external. It creates clarity and transparency, sets a standard for processes, information and systems, and also a common language. In other words, an enterprise architecture possesses cross-functional capabilities bridging different specialist competencies. It has generalized the specifics and let the specialized and unique remain in that state. It is a tool for communication and internal efficiency for improvements. That is where we know enterprise architecture has its natural position. Can enterprise architecture support compliance efficiently? Well, why not?! Let the compliance process also be part of it.