GDPR processes do not stand on their own.
If you have implemented the instruments that GDPR is providing to get data privacy under control in your organisation, you surely added new processes and standard procedures for managing privacy requests, data breaches and risks.
>As these are being used, very quickly, one realizes that these new processes are part of overall business processes and that they are running over different departments.
They interact with other processes, and with people in other departments. And, of course, other terminology is used. Take the example of interaction of the departments of compliance and IT. A data breach process will need an intervention of the IT team that will call this an incident process with different statuses. They will see tasks assigned related to privacy requests or data breaches and where GDPR is putting stringent and ambitious deadlines.
It must be no surprise that, if our favourite and most common communication means (e-mail) is used to exchange information and tasks, confusion is created, answers are coming in too late and deadlines are missed. Also, this leads to an unnecessary overload in coordination and administration tasks.