Erasmus University & BlueDolphin
A Particularly Large Scale of Data Handling
In 2017, it became clear to every European organization that, by May 2018, it would have to comply with the General Data Protection Regulation (GDPR). Erasmus University was no exception. What does the organization do with personal data once it has been permitted to use specific data?
An internationally oriented research institute like Erasmus University processes huge data volumes. In addition to the fact that the organization had 29,790 national and international students and 3,089 employees in 2017, the university consists of 200 departments and 9 research facilities focusing on health, prosperity, governance, and culture. Furthermore, student environments also contain a lot of sensitive data that raises countless questions. What is being researched, and for what reason? Naturally, the organization was faced with the challenge of tracing all these data streams and gaining insight into the location of the various data.
In the late summer of 2017, the university takes an initial step by informing employees about the new legislation using online communication, master classes and webinars. Subsequently, Privacy Officers are appointed for each of the nine faculties. Moreover, the ‘Digital Freedom and Privacy’ project team is established to ensure compliance with the GDPR. The team consults its SAP ERP system and decides to conduct interviews with all 200 departments that emerge from this system. From Research to Management, and from HR to Marketing; how do employees actually handle personal data and why? What are their responsibilities and legal grounds? At this stage, the university concludes that at least 945 privacy-sensitive processes must be delineated. However, the number of processes proves to be dynamic and frequently increases due to the growth in data handling.
It soon becomes apparent that Excel offers insufficient features to clearly visualize all these data, and cannot link them to each other, to the processes or to the applications. Maintaining control and complying with regulations requires more than static Excel lists. As a result, the Digital Freedom and Privacy department starts looking for an organization-friendly solution: one single location to record information about data handling. Organization-friendly particularly refers to a tool that eases communication. In addition, the department searches for a solution that is able to link the GDPR to the common reference language for educational institutions: HORA. Architectural reference languages stimulate good communication about desired IT structures and provide insight into the impact that the GDPR will have on the provision of information.
Frank van Dijk, Innovation Manager Erasmus University
“BlueDolphin stimulates the data-driven movement that is now popular within the EU. The software’s user-friendliness ensures work is carried out across departments. Moreover, we can now make decisions based on data rather than assumptions. With measurable data, one can quickly get down to the actual content and thus innovate more quickly.”