Nightmare 1 – Competing with newer and more nimble competition, who have better and more modern business models

New start-up companies are generally more nimble than established companies, but are more fragile and prone to failure once the venture capital money runs out.
New start-up companies may end up being very successful at capturing customers without needing all the baggage of older, more established companies.
However, when they are successful (which is not guaranteed) they can be very profitable and become a takeover target.
When is the best time to acquire them and gain value from them? Will they be worth it? Will they be a good cultural match with your company?

The answer is to use Enterprise Architecture for performing due diligence on them and determining value, business fit and technical fit.
Model the current state Architecture of each company in a merger, then define a single target architecture for the proposed new merged company.
Plan the business transformation with an EA Roadmap.

Nightmare 2 – Dealing with the Effect of Regulatory changes

What will be the impact of political change on the market, and of a new international trading environment with BREXIT?
How can we ensure the company remains profitable during the transition period, as well as afterwards?
Can we implement the new EU GDPR regulations in good time to avoid the heavy fines? Is your company already very late in starting a GDPR implementation?

The answer is to already be using Enterprise Architecture to understand your current baseline architecture, understanding all the various components in your business, all the connections between data and processes, and all the connections between processes and applications. This will enable you to design your target architecture to implement GDPR compliance.
It’s so much easier with enterprise architecture than starting from a blank model.

Nightmare 3 – Engaging more customers with digital architecture approaches

What is digital Architecture anyway? It’s a nice buzzword and everyone will say that they are going digital, but few really understand it.
It is a very fuzzy term.
Is digital technology enough in itself, or is a culture change to the business also needed? The answer to that question will be yes.
It really represents an entirely new way of doing business, not simply new technology.
Digital is about getting closer to your customers, who are adept at using mobile devices, tablets and eCommerce websites to engage with you and your competitors.
Their customer journeys and scenarios are important to understand. An outside-in approach is mandatory, not optional.

The answer is to use enterprise architecture to understand the market environment, your competitors, your customers as well as your own company.
This needs to be from both business and technology perspective.
If you don’t understand what is happening then how will you be able to compete?

Nightmare 4 – Developing new Strategies and Innovations

It’s hard and difficult to develop new strategies. Most CxOs are not really that confident in doing it.
Too often conventional strategy fails. A few one line strategic statements are not particularly actionable.
The dynamic dependencies and manoeuvres are all multidimensional. Companies need greater situational awareness.
How do we deal with dependencies between strategies? Are you being reactive or pro-active?
Is simply copying your competitors’ strategy a good plan? Or only a focus on mitigating Risks, Issues and Challenges?

The answer is to use enterprise architecture approaches to model your strategic situation, converting strategies into an actionable EA roadmap.
Using Business Models, Wardley Mapping, Business Capability models and Business Motivation Models is a good start for evaluating the pros and cons of strategies.

Nightmare 5 – Managing change – maintaining business agility and speed of change

Everyone wants Faster, Better, Cheaper but it’s still only possible to achieve 2 out of 3 of those! Is there a silver bullet? No, only in Vampire movies!
There is the lure of Agile, but does it work? Will business agility be achieved by developers using Agile methods for development? Probably not.
There is also the lure of DevOps, but is this just the latest fad? Does it work in all circumstances? How will these work with Lean and 6Sigma approaches?
In reality Agile and DevOps are not the silver bullet for organisations wanting things faster, cheaper and better. Think ‘Horses for courses’.
What about a roadmap for future changes, and balancing out the needs of Digital Architecture and your business capabilities?

This will take enterprise architecture and planning, not just agile development. For true Business Agility, your organisation will need to properly plan its future using Enterprise Architecture.
Long term strategic planning, enterprise architecture and road-mapping are always needed.

Nightmare 6 – Growing new business, new Products and Business Services

Many businesses simply think of growth in terms of increased sales, but it’s also important to maintain profitability and viability.
It’s important to have the appropriate business models and think about your value propositions, not just for new customers but for existing customers.
Why not create a Business Model to explore how your customers and competitor work?

The answer is to use enterprise architecture to model your business with a Business Model Canvas and Business Scenarios. Business Scenarios are answering ‘what if’ questions about the future, and how you should prepare. There can be multiple business scenarios for after BREXIT for example, and companies must be prepared for any of them.

Nightmare 7 – Managing Costs and Risks

It’s always more expensive than you thought to improve things. Nothing is ever simple.
Aim for simpler but no simpler. Aim for low risk and low costs, but trade off the risks for market share and share of the customer’s wallet.
Think of the law of Requisite Variety. And of balancing your problems with your responses.

The answer is to use enterprise architecture for tracking costs, efficiencies, total cost of ownership, balancing the relationships between cost and revenue items, and between risks and mitigation activities. Enterprise Architecture is inherently a cross disciplinary and multi-dimensional approach and usually no single change will solve the issues.
And don’t forget that if you don’t measure anything, then you can’t manage it!
Ensure that you are taking an enterprise investment view of all your new initiatives and change portfolios. Is every initiative actually worth investing in?
Will everything make a profit for your company? When is the best time to invest in change? What are the dependencies between investments in change?


Working out your strategic direction, ensuring that the right initiatives are invested in and ensuring that these are executed properly is exactly what enterprise architecture is used for.
It’s not just about better IT, but about planning a better future for your business, keeping it viable in the long term, helping to make the appropriate fact based decisions.
An enterprise architecture repository is the knowledge base to provide you with answers to your questions.

Enterprise Architecture helps you get on top of business transformational nightmares, to avoid those feelings of anxiety, fear, uncertainty and doubt.

And helps the CEOs sleep better at night.


By now most companies should have heard about the new EU General Data Protection Regulations (GDPR).

The deadline is looming ever closer, and there are some hefty fines for companies that fail to implement it. The penalties for not complying with the legislation are potentially going to put a huge dent in your profits and viability. These include fines of up to €20 million or 4% of annual global revenue. This is then a huge reason for your company to be using Enterprise Architecture to deal with the GDPR changes.

And GDPR does not just affect European-based companies; it applies to any company dealing with European citizens. And what’s more, even BREXIT won’t help. The UK government is already committed to GDPR after BREXIT. Sorry!

Companies that already have a healthy and strategic Enterprise Architecture Capability will be in a much stronger position. I don’t just mean EITA here of course, but real Enterprise Architecture.
GDPR is not just about IT change, but also about business change. Your existing Enterprise Architecture models will make it very much easier to identify the impact of the EU GDPR regulations, using new attributes and heat maps on existing catalogues, matrices and diagrams.

Purpose of GDPR

The purpose of GDPR is to improve on the previous data protection rules. In this digital eCommerce world, this is absolutely essential. This is no longer a so called box ticking exercise but a cultural change in mindset and levels of trust and integrity.
Companies, such as UBER, can no longer be blasé and hide being hacked for months and losing huge amounts of customers’ personal data, without coming clean about it and consequently stopping it from happening again.


The aim of the General Data Protection Regulations is to ensure that personal data is stored with customers’ informed consent, where the customer knows for what purpose data about them will be used and for how long it will be kept. Customers will want to know how their personal data is being used afterwards, especially after a merger or acquisition. What, for example, does Facebook plan to do with WhatsApp data now that it has acquired WhatsApp?
It is certainly not transparent, is it? A customer might have trusted WhatsApp, but do they still trust the new owners Facebook? Facebook seems to be increasingly pushing fake news and becoming more political, which is troubling. Don’t just worry about SkyNet but also about Big Brother.

GDPR has been introduced to help companies be honest and increase their data security and their overall integrity. Luckily Enterprise Architects are already skilled at providing details about party data, data models, data flows and data security to support information security audits and personal impact assessments, and other regulatory requirements.

Something like GDPR is exactly the kind of strategic change scenario that Enterprise Architecture is designed to support.
What are the requirements? How do they affect the various EA domains? Strategy, Business Architecture, Information and Data Architecture of course, Services and Application Architecture and also the technology and infrastructure Architecture, where the personal data will be stored.
The same considerations apply whether the data is stored on premises or in the cloud. Enterprise Architects now need to build privacy by design.

Organisations will need to know why the data is needed? Is it always really needed, or is it just for future cross selling and data analytics?
Is that personal data compliant with GDPR? Probably it’s no longer compliant. Who uses the personal data? What business processes are involved? Too many process models that I’ve seen fail to show access to read and update data objects, let alone the business events that are related to customers’ data. What data services are involved? What applications need to be upgraded or replaced? I expect many package applications are being updated to ensure their compliance with GDPR. How do we ensure visibility of data to the customers, against a background of continual changes?
How do companies prove that they are being honest with customers’ data, and especially how do they keep customers informed? If customer data increasingly has a value, then how will customers gain value from how companies use their data without their informed consent?

The Enterprise Architecture repository should already be able to answer all of these questions.
If not then why not? If not now, then when?

Companies without any credible Enterprise Architecture will be at a huge disadvantage and will have to rapidly catch up. It’s never too late.
And once again, this is not simply about IT Architecture or just Data Architecture, it’s about the whole enterprise. The enterprise will include partners and suppliers as well. You will need to know what your contractors are doing with customers’ personal data.

In many organisations, the application architecture is only about so-called Business Applications that are approved and managed by the IT department. You also have to model the End User Computing (EUC) applications, like those Excel spreadsheets, Access databases, SharePoint tables and Cloud databases (like Box, Dropbox, Google Drive etc.) that business users have created (unbeknown to IT) in order to do their job outside the main business applications. These EUC applications and databases must also be considered.

EA Governance and Compliance

Enterprise Architects, Business Architects, Risk Managers and Compliance Managers are in a strong position to assist the business to review their existing data flows and applications against the GDPR requirements.


Companies with an Enterprise Architecture capability will also normally have set up an EA Governance and Compliance capability. For GDPR, the Strategies, Goals, Objectives, Measures, Policies, Business Rules and Governance organisation structure need to all be reviewed and enhanced.
The Enterprise Architecture team should already be playing a key role in these EA governance bodies, the Architecture Governance Board of strategic changes and in ensuring compliance with policies, rules, patterns and standards in a Technical Design Authority.

Risk management and Audit processes also need to be reviewed and updated. Enterprise Architects are usually involved as key stakeholders for these. Are there adequate controls and monitoring of events? Is the data secure against hacking and accidental loss?

Enterprise Architecture Modelling

As per any enterprise architecture work, you need to identify the current and target architectures, identify gaps and change initiatives and then plan a roadmap of those changes. Heatmaps for GDPR related changes are an essential way to identify and prioritise GDPR changes needed.

After the Enterprise Architecture changes for GDPR have been made, it is important to maintain continual operation, monitoring and reporting. The target Enterprise Architecture will therefore need to include new end-to-end processes, roles and responsibilities for the business, to ensure continual compliance. Is data being captured with consent and a clear purpose, fully communicated to customers? ‘Security by Design’ is the new normal. This requires enterprise architects, compliance managers and C-level executives to build compliance into the design of all current and future Enterprise Architecture models.

At a minimum, the following Enterprise Architecture deliverables need to be reviewed:

  • Data Catalogue
  • Data Model diagram
  • Process model
  • Process flow diagrams (Event-driven Value streams)
  • Application Service models (Catalogues and Diagrams)
  • Application model (Catalogues and Diagrams)
  • Application Integration/Flow diagrams
  • Data storage models (Databases, Data stores, Messages)
  • Data flow Diagrams
  • Infrastructure Service Catalogues
  • Infrastructure Component Catalogues
  • Infrastructure Diagrams

What are the key Changes for GDPR?

Compared to the current data protection framework under the Data Protection Act 1998, the GDPR will bring a number of important changes and enhancements including:

  • Increased accountability and greater level of responsibility within organisations to ensure that personal data is fully protected and processed according to the regulations
  • More data will be classified as customers’ personal data, not just in normal databases but also in EUC components and in Cloud data storage
  • New internal role of a Data Protection Officer
  • External Roles outside the company will also be regulated, such as contractors, partners and service providers
  • Eye-wateringly high cost of non-compliance
  • New requirements for notification of data losses through hacking and lack of compliance
  • Greater rights for customers to understand how their data is to be used, to give their informed consent, and to make future requests to change their consent
  • Risk Assessments
  • Privacy Impact Assessments

Benefits of GDPR

What are people expecting your company to do with their data? It’s about re-establishing your customers’ trust, and that you won’t change your mind and do something different or evil with their data. This trust will provide an increased business advantage for companies that get it right.

If a company cannot demonstrate that it is using Enterprise Architecture to achieve compliance with GDPR, then it is risking its reputation, which ultimately means less business and less profit.

With Digital Architecture, companies are designing their business with an Outside-In approach, designing their value proposition around what customers really want in their customer journeys.

GDPR is essentially designing the Outside-In approach for the protection of customers private data.

Enterprise Architecture perspectives

From an Enterprise Architecture perspective you need to ensure that:

  • Decision makers and C level executives are aware that the law is changing to the GDPR and time is running out to plan the changes
  • They use Enterprise Architecture to drive this as a strategic change, with new initiatives to be designed in the target Enterprise Architecture model and managed in the EA Roadmap
  • There is full knowledge of how information and data is managed, flows around the company and is changed by processes, services and applications
  • New business processes are created to handle customers’ new rights
  • Enterprise Architecture is used to manage and rapidly create an EA roadmap for the strategic changes needed
  • A new meta model is designed to include customers’ consents, breach events and other change events
  • New business processes are created to handle data breaches and GDPR reporting requirements
  • Risks, issues and mitigations are well modelled
  • New Application Services are created
  • New package Applications are procured, which have updated support for GDPR data and processes


Yes, it’s a big strategic piece of work to do, with a May 2018 deadline that is getting ever closer, but luckily Enterprise Architecture is designed for managing just this kind of strategic change scenario.

So to avoid GDPR fines in 2018, start using Enterprise Architecture now, to plan and execute the strategic changes needed.

It makes sense!

How can you not already be using Enterprise Architecture?
