Picture: How Decision Management Supports GDPR

Picture: How Decision Management Supports GDPR

A client recently asked about how Decision Management and Decision Modeling supports GDPR, “in a nutshell“.

I paused considering my usual answer, perhaps something like:

Decision Management is a means of bringing a company’s business policies and decision-making ‘into the light’, making decisions an explicitly-managed, corporate asset, expressed in a standard, transparent format.


This explicit, transparent medium can be used to capture, analyze and communicate exactly how a company’s operations depend on key data attributes and business knowledge.


This is done so precisely, the result, the decision model, is actually executable.


As a result, it’s much more accurate at supporting a GDPR Information Audit or Privacy Impact Assessment than traditional paper techniques like process/data mapping: the data dependencies of all your business decisions are directly traceable.

Instead I drew the diagram above, illustrating directly how the pillars of GDPR are supported by Decision Management. Sometimes a picture really does say a thousand words. But, if you are more interested in the thousand words, see below.

What is Decision Management

Decision management is a technique and technology stack that provides:

  • Transparency: renders business policy and operational decision logic transparent to business experts and analysts, for rapid improvement, by representing complex logic in standardized, easy to understand formats such as decision tables;
  • Business Orientation: makes operational business policies measurable and accountable to all stakeholders in terms of business performance indicators;
  • Agility: decision models are executable (but not code), supporting rapidly-evolving, model-driven definition of compliance needs;
  • Dependency Management: checks decision integrity and drives out all their data dependencies, confirming that decisions are used consistently and reliably and identifying all required data support;
  • Complexity Management: allows even the most complex decisions to be represented compactly without code.

As a result, it directly empowers any GDPR initiative by:

Understanding and Justifying Current Data Use

The GDPR Data Audit and Privacy Impact Assessment are directly supported by decision management, including ensuring you only process the data you really need and checking that this processing is lawful.

Decision management is a powerful technique for capturing, analysing and communicating, in detail, how a company’s operations depend on key data attributes and business knowledge. It’s much more effective at supporting a GDPR Information Audit or Privacy Impact Assessment than traditional techniques like process/data mapping because it helps you to identify and justify which data is needed, which is superfluous and the justification for both – even when data dependencies are hidden within white-box predicative analytics. Decision management and modeling keeps all stakeholders informed of the outcomes of this analysis.

Decision management also provides a formal background for assessing and labelling the sensitivity, criticality, accuracy, retention period, distribution constraints and timeliness needs for all data inputs as part of a GDPR PIA. It can document data sources and consent traceability.

Unlike paper process/data maps, decision models are executable. So the data dependencies they reveal always reflect what’s actually happening in your business systems.

Remediating Non-Compliance

Decision management is a powerful means of identifying, making and checking the data use changes mandated by GDPR.

Decision management also provides powerful impact analysis, so when non-compliant data use is discovered, or a subject requests restriction, the company can very quickly and accurately assess the scope and impact of the necessary changes to business operations. Because decision models are executable, these changes can also be rapidly deployed.

Servicing Customer (Subject) and Regulator Requests

Decision management and modeling can enpower requests for policy information, erasure or portability.

Decision management facilitates the transparent and open capture, representation and execution of complex logic: decision-making (both general policies and specific case histories), customer profiling logic (including analytics), consent acquisition, retention policies, deletion policies, distribution constraints, production of portable data and expression of EU state-specific rules and variations (e.g., how to treat minors). All of which allows stakeholders, regulators and subjects to have a clear view of the company’s policies and its behaviours with regard to a specific case. The latter is most relevant to article 22.

Testing and Maintaining Compliance

The open articulation of these business policies and the fact that decision management allows their effectiveness to be monitored also supports testing compliance and maintaining privacy. It allows for breach frequencies to be incorporated directly into an on-going measurement of the effectiveness of your approach.

Find out more about GDPR and Decision Modelling. Find out how we can help you with GDPR.

Overcoming the Challenges of Financial Decisions with DMN

Overcoming the Challenges of Financial Decisions with DMN

Join Lux Magi and business partner, Trisotech, to discover how Decision Management addresses the key risks of regulatory compliance. This webinar outlined the practical difficulties of supporting mandatory regulatory compliance in finance IT systems and described how a key technique of Business Decision Management—Decision Modelling—can overcome these challenges. The benefits of using the Decision Model and Notation (DMN) were also presented. (more…)

Introduction to Decision Modeling 6

Ahead of the publication of our joint book on Decision Modeling, to be released later this year, James Taylor and I have made a series of video shorts about business decision modeling. In this last video, James and I talk about real benefits that decision modeling using DMN delivered to our clients on some recent engagements. Specifically we discuss how the use of decision modeling:

  • Speeds up business rule and data requirements discovery, quickly identifying wrong assumptions and mistakes
  • Adds effective communication and consistency between teams and across projects
  • Improved business subject matter experts, analyst, developer and program manager engagement and ownership
  • Managing size, complexity and rapid change in business requirements
  • Improves the definition of the automation boundary
  • Gave better tracability between internal decision definitions and external regulations

Let us know what you think. Review the firstsecondthirdfourth and fifth posts of this series. Find out more about decision modeling and its benefits. Talk to us about decision modeling mentoring and training.

Invitation: Workshop on Enterprise Decision Modeling in Practice

Invitation: Workshop on Enterprise Decision Modeling in Practice

We cordially invite you to join us in Amersfoort, the Netherlands, for a workshop on how Decision Modeling can optimise your organisation’s management of its most fundamental and valuable asset: the business logic that controls the thousands of automated business decisions it makes every day. We will present case studies, based on real projects, that demonstrate the practical benefits of applying TDM and DMN to the management of business logic at an enterprise scale.

Click here now to find our more details and register for this free workshop in Amersfoort on Wednesday 28th January 2015 from 9am to 4pm. During this workshop you: will learn how The Decision Model (TDM), fortified by elements of the DMN, can be used to structure, manage and optimise your business logic; experience a walk-through of a real decision model and understand the benefits decision management brings at the enterprise scale. (more…)