Software AG Case Studies Protecting data during digital transformation - ARIS Connect & GDPR compliance

Edit This Case Study Record

	Protecting data during digital transformation - ARIS Connect & GDPR compliance Software AG

Protecting data during digital transformation - ARIS Connect & GDPR compliance

Software AG

Technology Category	Application Infrastructure & Middleware - Data Exchange & Integration Application Infrastructure & Middleware - Middleware, SDKs & Libraries
Applicable Industries	Telecommunications
Applicable Functions	Business Operation
Use Cases	Process Control & Optimization Regulatory Compliance Monitoring
Services	Software Design & Engineering Services System Integration
Challenge	TDC Group, the leading telecommunications company in Denmark, was facing a significant challenge with the enforcement of the EU General Data Protection Regulation (GDPR). A specific pain point for TDC was Article 30 of the GDPR, relating to the maintenance of processing activity records. This article lays out the obligations to store records by process controllers and representatives, documents erasure time limits and outlines transfers of data to third parties. It represents a serious compliance headache. TDC had a mountain ahead of it to climb. One of GDPR’s central requirements is for companies to generate ROPA reports detailing data collection, related processes, and uses in a way that makes data protection accountable. Easy to do with the right tools—and documentation—in place. Impossible otherwise. Read More
About Customer	TDC Group is the leading telecommunications company in Denmark. With a history dating back to 1882, TDC has been at the vanguard of everything from laying sub-sea cables to setting up wireless networks with cutting-edge connectivity, bandwidth and speed. More than 8,000 employees help TDC bring people together with communication services, mobile devices, and televised and digital content. TDC Group has seen a lot of change in the telecommunications business during the past 130 years. But it’s seen nothing quite like this: A one-two punch of rapid digital disruption in the form of exponential mobile connectivity growth and shifting consumer entertainment consumption patterns—at the same time that the EU General Data Protection Regulation (GDPR) begins enforcement. Read More
Solution	In 2018, TDC chose ARIS Connect to satisfy GDPR requirements. With ARIS Connect, TDC was able to model and document its processes for GDPR compliance on time and in-depth. And with ARIS Aware, which seamlessly integrates into ARIS Connect, these process models were filled with live system data. And innovative analytics and visualizations provided actionable insights across the organization. All in all, TDC went from having no authoritative single source of truth for such information to a unified system, ensuring it never loses track. As TDC forges ahead with a major business transition, the need to automate as much as possible has never been greater. This means there is no more tedious work involving periodic reviews to check compliance. Instead updates are made collaboratively on an ongoing basis via ARIS Connect. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - Data Exchange & Integration

Application Infrastructure & Middleware - Middleware, SDKs & Libraries

Applicable Industries

Telecommunications

Applicable Functions

Business Operation

Use Cases

Process Control & Optimization

Regulatory Compliance Monitoring

Services

Software Design & Engineering Services

System Integration

Challenge

TDC Group, the leading telecommunications company in Denmark, was facing a significant challenge with the enforcement of the EU General Data Protection Regulation (GDPR). A specific pain point for TDC was Article 30 of the GDPR, relating to the maintenance of processing activity records. This article lays out the obligations to store records by process controllers and representatives, documents erasure time limits and outlines transfers of data to third parties. It represents a serious compliance headache. TDC had a mountain ahead of it to climb. One of GDPR’s central requirements is for companies to generate ROPA reports detailing data collection, related processes, and uses in a way that makes data protection accountable. Easy to do with the right tools—and documentation—in place. Impossible otherwise.

About Customer

TDC Group is the leading telecommunications company in Denmark. With a history dating back to 1882, TDC has been at the vanguard of everything from laying sub-sea cables to setting up wireless networks with cutting-edge connectivity, bandwidth and speed. More than 8,000 employees help TDC bring people together with communication services, mobile devices, and televised and digital content. TDC Group has seen a lot of change in the telecommunications business during the past 130 years. But it’s seen nothing quite like this: A one-two punch of rapid digital disruption in the form of exponential mobile connectivity growth and shifting consumer entertainment consumption patterns—at the same time that the EU General Data Protection Regulation (GDPR) begins enforcement.

Solution

In 2018, TDC chose ARIS Connect to satisfy GDPR requirements. With ARIS Connect, TDC was able to model and document its processes for GDPR compliance on time and in-depth. And with ARIS Aware, which seamlessly integrates into ARIS Connect, these process models were filled with live system data. And innovative analytics and visualizations provided actionable insights across the organization. All in all, TDC went from having no authoritative single source of truth for such information to a unified system, ensuring it never loses track. As TDC forges ahead with a major business transition, the need to automate as much as possible has never been greater. This means there is no more tedious work involving periodic reviews to check compliance. Instead updates are made collaboratively on an ongoing basis via ARIS Connect.

Impact #1	Achieved GDPR compliance
Impact #2	Automated ROPA processes
Impact #3	Unified data protection formats

Impact #1

Achieved GDPR compliance

Impact #2

Automated ROPA processes

Impact #3

Unified data protection formats

Benefit #1	Generated a 1,000-page, legally compliant Records of Processing Activities (ROPA) report for regulatory authorities

Benefit #1

Generated a 1,000-page, legally compliant Records of Processing Activities (ROPA) report for regulatory authorities

Download PDF Version

Overview

Protecting data during digital transformation - ARIS Connect & GDPR compliance

Operational Impact

Quantitative Benefit