Address BI compliance by ensuring that all departments uphold the law
The German data privacy laws, in particular the Bundesdatenschutzgesetz (BDSG or Federal Data Protection Act), set forth the conditions under which an enterprise may use personal information. These are among the strictest of their kind in the world. Yet there are also national, European, and international rules and regulations to be considered.
The rule of thumb in the field of BI and big data is that everything is banned, unless expressly permitted – i.e., unless you have prior consent, it is unlawful. Consequently, departments like your IT unit are very much under pressure to uniformly address highly complex compliance requirements, resolve data silos, and ensure proper documentation. We also recommend involving experts and lawyers.
Strategy to ensure data privacy
Resolving this issue requires a procedure for the proper, compliant use of your BI information. Below is a four-phase approach to ensure that your CRM and BI systems comply with data privacy laws:
- Phase 1: establish the status quo of your BI infrastructure and data management program
- Phase 2: identify potentially critical issues in your BI application, and any processes of relevance to data privacy
- Phase 3: check the data privacy admissibility of each relevant process: develop concepts for authorization and access, and the conditions for encrypting and anonymizing information in the database to comply with the regulations
- Phase 4: implement the concept(s) devised in the above steps and find software that executes them as well as possible