Software AG > Case Studies > Protecting data during digital transformation - ARIS Connect & GDPR compliance

Protecting data during digital transformation - ARIS Connect & GDPR compliance

Software AG Logo
Customer Company Size
Large Corporate
Region
  • Europe
Country
  • Denmark
Product
  • ARIS Connect
  • ARIS Aware
Tech Stack
  • Data Protection Software
  • Process Modelling Software
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Productivity Improvements
  • Digital Expertise
Technology Category
  • Application Infrastructure & Middleware - Data Exchange & Integration
Applicable Industries
  • Telecommunications
Applicable Functions
  • Business Operation
Use Cases
  • Regulatory Compliance Monitoring
  • Process Control & Optimization
Services
  • System Integration
  • Software Design & Engineering Services
About The Customer
TDC Group is the leading telecommunications company in Denmark. With a history dating back to 1882, TDC has been at the vanguard of everything from laying sub-sea cables to setting up wireless networks with cutting-edge connectivity, bandwidth and speed. More than 8,000 employees help TDC bring people together with communication services, mobile devices, and televised and digital content. TDC Group has seen a lot of change in the telecommunications business during the past 130 years. But it’s seen nothing quite like this: A one-two punch of rapid digital disruption in the form of exponential mobile connectivity growth and shifting consumer entertainment consumption patterns—at the same time that the EU General Data Protection Regulation (GDPR) begins enforcement.
The Challenge
TDC Group, the leading telecommunications company in Denmark, was facing a significant challenge with the enforcement of the EU General Data Protection Regulation (GDPR). A specific pain point for TDC was Article 30 of the GDPR, relating to the maintenance of processing activity records. This article lays out the obligations to store records by process controllers and representatives, documents erasure time limits and outlines transfers of data to third parties. It represents a serious compliance headache. TDC had a mountain ahead of it to climb. One of GDPR’s central requirements is for companies to generate ROPA reports detailing data collection, related processes, and uses in a way that makes data protection accountable. Easy to do with the right tools—and documentation—in place. Impossible otherwise.
The Solution
In 2018, TDC chose ARIS Connect to satisfy GDPR requirements. With ARIS Connect, TDC was able to model and document its processes for GDPR compliance on time and in-depth. And with ARIS Aware, which seamlessly integrates into ARIS Connect, these process models were filled with live system data. And innovative analytics and visualizations provided actionable insights across the organization. All in all, TDC went from having no authoritative single source of truth for such information to a unified system, ensuring it never loses track. As TDC forges ahead with a major business transition, the need to automate as much as possible has never been greater. This means there is no more tedious work involving periodic reviews to check compliance. Instead updates are made collaboratively on an ongoing basis via ARIS Connect.
Operational Impact
  • Achieved GDPR compliance
  • Automated ROPA processes
  • Unified data protection formats
  • Visualized processes for simplicity
  • Identified three priority areas that needed immediate attention: its data deletion, purpose per process and legal ground policies
Quantitative Benefit
  • Generated a 1,000-page, legally compliant Records of Processing Activities (ROPA) report for regulatory authorities

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Related Case Studies.

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.