Main
Log in

Governance & Planning

Conclusion: The General Data Protection Regulation (GDPR) legislation being introduced by the European Union (EU) in May has ramifications to organisations worldwide.

Australian organisations that have already invested in ensuring that they comply with the Australian Privacy Act 1988, and have a robust privacy management framework in place, may find that they already comply with aspects of the EU’s GDPR. However, GDPR does have more stringent requirements including requirements that are not within the Australian requirements, so effort and investment will be required by organisations that need to comply with GDPR.

When considering an organisation’s position and defensibility in terms of whether they complied or not, organisations will need to develop an understanding of the specific requirements, and how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”1.

Related Articles:

"Understanding GDPR requirements Part 4: Data portability" IBRS, 2018-06-01 04:21:44

"Understanding GDPR requirements – Part 3" IBRS, 2018-05-04 18:57:12

"Understanding General Data Protection Regulation requirements Part 1" IBRS, 2018-03-06 06:57:37

Conclusion: Driving cultural change and managing the impact of change across an organisation when implementing a new business application is a key challenge for the leadership, including the CIO. By adopting change management practices, a business can increase its projects’ rate of success and user adoption of the new technology and business processes from 16 % up to 96 %1.

With the implementation of business applications or tools such as a new ERP finance system, HCM/HRIS payroll system or a new CRM system, the business users’ roles and day-to-day business processes can be significantly changed. Assessing and addressing the change impact with the employees during the planning phase and during the project implementation will increase the user adoption rates.

Conclusion: Organisations everywhere are implementing Agile as a dynamic approach to speed up the creation of value and improve development of new and improved services and products. Adopting a best practice such as Agile is more than learning a new process and skill and then applying it in a project environment. Implementing Agile in an established organisation means that there are often a number of other frameworks, best practices and procedures that will need to co-exist with Agile. It is critical to consider these elements and adjust them to ensure that Agile is effective in delivering the value and benefits expected and is not another “best practice” fad.

Conclusion: Business leaders should convert recent global interest in AI applications, safety and effectiveness into AI governance guidelines in the exercise of their triple bottom line responsibilities (for profit, social responsibility and sustainability) as outlined in IBRS research note, “The emerging need for IT governance in artificial intelligence”1.

AI includes a very broad range of technologies being applied in virtually all industries. This means that the use of AI in both IT and operational technologies2 (OT) requires C-level attention and supervision.

Conclusion: Project management in organisations is commonplace. Reviews are often undertaken at the end of the project to gain learnings for future projects. Project reviews completed during the life of a project need to ensure that they are inclusive of appropriate stakeholder groups and assessment is targeted at the appropriate focus areas. Active and inclusive review and assurance activities need to be well understood and supported within the organisation so that it is not viewed as an exam that needs to be prepared for and passed. Applying reviews and assurance as a process checkpoint only is ineffective and will not ensure quality project delivery.

Conclusion: The forthcoming General Data Protection Regulation (GDPR) is new legislation being introduced by the European Union, which does have ramifications for organisations worldwide.

Being new, there is still a lot to be learned about what exactly some of the specific requirements will mean in practice and how they will impact organisations in being able to show that they have understood and completely complied with the regulation.

When considering an organisation’s position and defensibility in terms of did they comply or not, organisations will need to develop an understanding on the specific requirements, and how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”1.

Related Articles:

"Understanding GDPR requirements Part 4: Data portability" IBRS, 2018-06-01 04:21:44

"Understanding GDPR requirements – Part 3" IBRS, 2018-05-04 18:57:12

"Understanding GDPR requirements: Part 2" IBRS, 2018-03-31 07:03:46

Conclusion: Consolidating information systems after a MoG change or a company acquisition is not only risky but also likely to be expensive. The problem is compounded when the benefits expected from the merger are out of reach or, in the case of a company acquisition, the buyer has paid too much, and the stakeholders are demanding accountability.

To maximise the probability of a successful merger from a business systems perspective, do not take claims made of the ICT systems’ integrity at face value. Verify them and develop plans to integrate the systems where feasible, while minimising risks and retaining skilled IT and business professionals.

Conclusion: While there was significant media attention on artificial intelligence and blockchain in 2017, the primary concerns of Australia’s CIOs remain focused on the more pressing issues of migration to the Cloud, and its impact on IT operations and staffing. Where discussions of artificial intelligence play a role is in automation processes and workforce transformation.

Conclusion: Achieving the ability to comply with the new European General Data Protection Regulation is seen as a costly and burdensome overhead adding a new layer of complexity to how organisations will need to manage and secure Personally Identifiable Information (PII) records kept by them.

However, organisations should view the potential benefits of being able to use obtaining and maintaining the ability to comply with GDPR as an opportunity to justify investments in technologies, process improvements and people to deliver better overall outcomes for the organisation.

Rather than simply focusing on doing what is required to be able to comply, focus should be on using the opportunity to update tools and processes to improve organisational efficiencies, reduce costs, increase customer and employee loyalty, and improve productivity.

Conclusion: AI includes a very broad range of technologies being applied in virtually all industries. AI is being used in new stand-alone services like real-time language translation1 or extensions of existing common IT applications such as the increasing use of chatbots in contact centres or recommendation engines in digital marketing.

This means that the use of AI in both IT and operational technologies2 (OT) requires C-level attention.

Business leaders will need to convert recent global interest and agreements in AI safety and ethics into AI governance guidelines in the exercise of their triple bottom line responsibilities (for profit, social responsibility and sustainability).

In the News

Busting The Three Big Cloud Myths - WHICH-50 - 11 June 2019

Organisations that are resisting the shift to cloud computing are often basing their decisions on common misconceptions around security, price and integration. That’s a key finding in a recent...
Read More...

ANZ business users calling the shots in ICT decisions

Conducted by Australia’s Intelligent Business Research Services (IBRS) and commissioned by TechnologyOne, the survey of 261 business leaders in ANZ has shown that business functions are having more...
Read More...

Managed security: a big gamble for Aussie IT providers - CRN - 02 August 2018

TechSci Research estimates the Australian managed security services (MSS) market will grow at a CAGR of more than 15 percent from 2018-23 as a result of the increased uptake of cloud computing and...
Read More...

Kids, Education and The Future of Work with Dr Joseph Sweeney - Potential Psychology - 25 July 2018

What is the future of work and how do we prepare our kids for it? Are schools and universities setting kids up for future success? Does technology in the classroom improve outcomes for kids? Should...
Read More...

PageUp starts rebuilding and looks to learn lessons after data breach nightmare - AFR - 27 June 2018

The timing couldn't have been worse for PageUp; two days before Europe's new data protection regime came into force the Melbourne-based online recruitment specialist's security systems detected...
Read More...

Subscribe to IBRS Updates

Invalid Input
Invalid Input
Please enter a valid email address
Please enter your mobile phone number
Invalid Input

Get in-context advice from our experts about your most pressing issues or areas of interest

Make an Inquiry

Sitemap

Already a subscriber?

Login to read your premium content.

        Forgot your password?
Recently Viewed Articles
Related Articles