IG1267 eTOM and GDPR Mapping v1.0.0

This guide proposes enrichment to three domains of eTOM in support of the full scope of General Data Protection Regulation (GDPR) compliance across eTOM business process map. First, we are proposing the Customer domain to be enhanced to address the processes that ensure the rights of the customer, as a data subject, over their personal data, while equally addressing the ongoing organizations need to acquire, process and store data. Second, we propose the Business Partner domain enhancements that address concerns related to both data subjects, data processing and compliance mandates. Service providers work with different partners (Roaming, Distribution, Interconnect, Retailers etc.) in realizing their strategies, therefore the need to address the implications of exchanging data with with their partners is an important privacy compliance requirement. Lastly, we expand the Enterprise domain with required activities that support operationalize privacy management across the enterprise.