“oh no, not another article on GDPR …”
Don’t worry. I’m not going to talk at length about the EU General Data Protection Regulation, that becomes law on the 25th of May 2018, and other fines you might get for non-compliance …
In this article, I want to address what you can do, within a Qlik environment, to contribute to your company’s GDPR compliance process. But I also want to take this opportunity to pre-announce a platform we’ll soon be launching to support GDPR-processes on a corporate level. In case you’re not interested in the Qlik related information, you can skip to the last paragraph in this article (titled Arelios).
Most likely, the GDPR process in your company is or will be managed by your company’s DPO (Data Protection Officer) or an external legal or services firm. But if you’re in charge, or involved in the setup or management of a Qlik environment, you’ll be asked about personal data usage in Qlik, so it can be documented and managed in compliance with GDPR.
Using Qlik to access your data
If your company chose Qlik as a (self-service) BI tool, GDPR requires you, amongst other things, to be able to document which data you hold, where the data is stored, who has access to the data and how the data is used.
So how do you go about solving that task? Well, manually, it’s not an easy task, with all those Qlik applications and QVD files floating around.
That’s why we’ve recently signed partnerships with 2 technology companies that can help you address this issue. The first one, NodeGraph, gives you more visibility on your entire Qlik environment, all the way from data source to end-user application. A second one, TimeXtender, goes a step further and offers metadata-driven automation software.
NodeGraph – your first step to Qlik data lineage & tracing
With NodeGraph, you get an overview of your entire collection of Qlik apps. It enables you to see which data Qlik uses by showing data lineage & tracing. It even offers to write documentation on your behalf, which makes it easy to maintain as the process of creating it is automated.
One Step further, the TimeXtender Discovery Hub
If your BI and Analytics architecture enjoys the advantages of a data warehouse as the middle layer, as an alternative to Qlik accessing the sources directly, then you have even more opportunities to get closer to GDPR compliance.
The TimeXtender Discovery Hub offers you the best of both worlds: data governance and self-service. It is able to trace the data all the way from the source, through the data warehouse, the place for transformation and enhancing the data, to the front end.
The benefits from accessing the data through a shared semantic layer offers your company a common business language – that is mutual accepted terms used across the entire company – ensuring that you always will be speaking about the same information, making decisions based on the same numbers, figures and data beneath the reports. Think of the hours saved.
How does Discovery Hub help you with GDPR compliance?
In a Discovery Hub architecture, the creation of documentation is an automated task, so you will easily be ready for your first audit.
Governance and security setup, roles based on users within a domain and on a more detailed level per specific piece of data (an example being that the Belgian sales guy can only see sales in Belgium but not in other countries), are made as a dynamic solution. This means that the rule is for every sales person in every country ever added, with no lines of coding needing to be written or altered. In this way, you can automatically maintain the solution as your company and amount of data grows.
By choosing a future proof architecture like Discovery Hub as part of your BI & Analytics platform, everything about the solution is stored as meta-data. This makes it a lot easier to work towards GDPR compliance, as you have complete track of all the data arriving in your data warehouse and automated documentation is always up to date. But it also enables more agile, faster BI projects that add data in a few hours, so you get to use your in-house resources or consultancy hours to build interesting Qlik apps and not solve tech issues connecting to sources and dealing with creating the base for reporting as achieved years ago.
Steps towards GDPR compliance beyond Discovery Hub
Another part of the law also asks that you deal with issues regarding, for example, the citizens right to be forgotten and right to see their own data as well as how you handle breaches in data security.
Some parts of these obligations need the support of business processes to be implemented. Areas where buy in from management in departments with customer contact such as commercial as well as direct contact in sales, support and marketing campaigns needs attention. But that is a different part of the journey towards becoming GDPR compliant, one that needs human intervention more than what only automation and IT systems can solve.
Arelios, your GDPR compliance platform
This brings us neatly to the last point. Most of what you have read today about GDPR talks either about what GDPR is, or about the technical side, including the data lineage & tracing. Very little is told about the process, time and cost it takes to get there. And that’s the hardest (and most expensive) part.
We have met several law firms specialized in conducting GDPR compliance analysis projects, and been involved in many customer meetings discussing the GDPR compliance process. This process includes, and often starts with, a series of interviews of the employees responsible for and involved in the processing of personal data. These interviews are usually conducted based on a questionnaire, collecting information describing the different processing operations.
Currently, most of those companies are using (a) questionnaire(s) in Microsoft Word or Excel. While these tools allow great flexibility in the management of the questionnaire, they quickly become problematic when collecting and processing the information.
That’s why at Agilos we have developed Arelios, a platform supporting organisations to comply with GDPR. It helps people – both internal such as a DPO or internal legal teams and external such as service firms – with the interview process and uses sophisticated business analytics to track compliance progress. Through automation and smart survey techniques, it makes the whole process more productive, and keeps track of changes over time. It helps the GDPR project responsible build recommendations and track risk assessment and progress towards complete GDPR compliance, including high-level management KPI dashboards, as well as drill-down action plan reporting and legal reporting.
If you’re interested to know more about Arelios, you can download the ‘Arelios Background’ document here.
On the data lineage & tracing side, we’ll soon organize a workshop on ‘GDPR compliance for Qlik users’. Please follow us on LinkedIn, where we’ll announce this workshop.