Software AG > Case Studies > Protecting data during digital transformation - ARIS Connect & GDPR compliance

Protecting data during digital transformation - ARIS Connect & GDPR compliance

Company Size

1,000+

Region

Europe

Country

Denmark

Product

ARIS Connect
ARIS Aware

Tech Stack

Data Protection Software
Process Modelling Software

Implementation Scale

Enterprise-wide Deployment

Impact Metrics

Digital Expertise
Productivity Improvements

Technology Category

Application Infrastructure & Middleware - Data Exchange & Integration
Application Infrastructure & Middleware - Middleware, SDKs & Libraries

Applicable Industries

Telecommunications

Applicable Functions

Business Operation

Use Cases

Process Control & Optimization
Regulatory Compliance Monitoring

Services

Software Design & Engineering Services
System Integration

About The Customer

TDC Group is the leading telecommunications company in Denmark. With a history dating back to 1882, TDC has been at the vanguard of everything from laying sub-sea cables to setting up wireless networks with cutting-edge connectivity, bandwidth and speed. More than 8,000 employees help TDC bring people together with communication services, mobile devices, and televised and digital content. TDC Group has seen a lot of change in the telecommunications business during the past 130 years. But it’s seen nothing quite like this: A one-two punch of rapid digital disruption in the form of exponential mobile connectivity growth and shifting consumer entertainment consumption patterns—at the same time that the EU General Data Protection Regulation (GDPR) begins enforcement.

The Challenge

TDC Group, the leading telecommunications company in Denmark, was facing a significant challenge with the enforcement of the EU General Data Protection Regulation (GDPR). A specific pain point for TDC was Article 30 of the GDPR, relating to the maintenance of processing activity records. This article lays out the obligations to store records by process controllers and representatives, documents erasure time limits and outlines transfers of data to third parties. It represents a serious compliance headache. TDC had a mountain ahead of it to climb. One of GDPR’s central requirements is for companies to generate ROPA reports detailing data collection, related processes, and uses in a way that makes data protection accountable. Easy to do with the right tools—and documentation—in place. Impossible otherwise.

The Solution

In 2018, TDC chose ARIS Connect to satisfy GDPR requirements. With ARIS Connect, TDC was able to model and document its processes for GDPR compliance on time and in-depth. And with ARIS Aware, which seamlessly integrates into ARIS Connect, these process models were filled with live system data. And innovative analytics and visualizations provided actionable insights across the organization. All in all, TDC went from having no authoritative single source of truth for such information to a unified system, ensuring it never loses track. As TDC forges ahead with a major business transition, the need to automate as much as possible has never been greater. This means there is no more tedious work involving periodic reviews to check compliance. Instead updates are made collaboratively on an ongoing basis via ARIS Connect.

Operational Impact

Achieved GDPR compliance
Automated ROPA processes
Unified data protection formats
Visualized processes for simplicity
Identified three priority areas that needed immediate attention: its data deletion, purpose per process and legal ground policies

Quantitative Benefit