In the late summer of 2017, the university takes an initial step by informing employees about the new legislation using online communication, master classes and webinars. Subsequently, Privacy Officers are appointed for each of the nine faculties. Moreover, the ‘Digital Freedom and Privacy’ project team is established to ensure compliance with the GDPR. The team consults its SAP ERP system and decides to conduct interviews with all 200 departments that emerge from this system. From Research to Management, and from HR to Marketing: how do employees actually handle personal data, and why? What are their responsibilities and legal grounds? At this stage, the university concludes that at least 945 privacy-sensitive processes must be delineated. However, the number of processes proves to be dynamic and frequently increases due to the growth in data handling.
It soon becomes apparent that Excel offers insufficient features to clearly visualize all these data; in particular, it cannot link them to each other or to the processes and applications. Maintaining control and complying with regulations requires more than static Excel lists. As a result, the Digital Freedom and Privacy department starts looking for an organization-friendly solution: one single location to record information about data handling. Organization-friendly particularly refers to a tool that eases communication. In addition, the department searches for a solution that is able to link the GDPR to the common reference language for educational institutions: HORA. Architectural reference languages stimulate good communication about desired IT structures and provide insight into the impact of the changes that the GDPR will have on the provision of information.