Findability Day 2016 - What is GDPR?
gregorycampbell
IBM
© IBM Corporation 2016
October 2016
These presentations are intended to provide friendly and helpful advice only, not a definitive statement of law
General Data Protection Regulation
Findability Day
Maria Sunnefors – Findability Business Consultant, Findwise
Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics
General Data Protection Regulation Background and Overview
Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics
The General Data Protection Regulation (GDPR) Applies from 25 May 2018
• The General Data Protection Regulation (GDPR) was published on 4 May 2016, and will be immediately applicable after a 2-year transition period on 25 May 2018 to any organisation which operates in the EU market
• Introduces cross-industry 72H breach reporting to regulators and without undue delay to individuals with associated risk of severe reputational harm
• Non-compliance has the potential to lead to huge fines of up to €20m or 4% of total annual worldwide turnover, so now is the time to build on the foundations you already have to ensure you Protect, Govern and Know Your Data
General Data Protection Regulation Technical Preparedness
Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics
GDPR Technical Preparedness
Key Duties, Obligations & Sanctions
• Archiving
• Legal
• Curation Records & Retention
• Administrative Fines for Non-Compliance
• Rights of EU Data Subjects
• Security of Personal Data
• Lawfulness and Consent
• Accountability of Compliance
• Design and Default
Rights of EU Data Subjects
• Enhanced rights for data subjects in the EU including erasure, access and portability
• Maintain data quality, amending, manipulating, erasing and exporting it into usable formats in both structured and unstructured environments
Security of Personal Data
• Need to ensure a level of security appropriate to the risk including 72H breach reporting
• Implement pervasive and intelligent internal and external network defences and restrictions to reduce data risks, including data minimisation, pseudonymisation and encryption techniques
Lawfulness and Consent
• Processing is only lawful if there is one of consent, necessity, legal obligation, protection, public interest, official authority or legitimate interest
• Keep data subjects informed and manage requests in a transparent, efficient and effective manner, and consider appointing a DPO
Accountability of Compliance
• The need to demonstrate compliance with the principles relating to personal data processing pervades the GDPR
• Consider how compliance can be proven, including data protection impact assessments, codes of conduct and proactive certification
By Design and By Default
• Data controllers must implement technical and organisational measures which demonstrate compliance with GDPR core principles
• Plan for this in the long term, e.g. instrument and manage data syndication and data lineage
Administrative Fines for Non-Compliance
• Regulators can impose Administrative Fines of up to €20m or 4% of total annual worldwide turnover, whichever is higher
• Additional powers also/alternatively available to regulators, including gaining access to data and premises, and to auditing
General Data Protection Regulation Architectural Preparedness
Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics
GDPR Architectural Preparedness
Broad Requirements & Broad Capabilities
Diagram labels: Lawfulness and Consent; Design and Default; Rights of EU Data Subjects; Accountability of Compliance; Security of Personal Data; Administrative Fines for Non-Compliance
GDPR Architectural Preparedness
Solution Framework
• Dynamic Policy Management: Define what, why, how long
• Data Infrastructure: Control use, align cost to value
• Implementation Services: Distribute policies to data sources
Data Management: Email Servers; User Devices & File Shares; ECM & Collaboration; Archive Platform; Master Data; Cloud & Social; Databases & Data Warehouse; Hadoop Platform
Requirements: Lawfulness and Consent; Design and Default; Rights of EU Data Subjects; Accountability of Compliance; Security of Personal Data
Policies, Rules, Audit, Processes, Analyses
Security & Compliance Monitoring
GDPR Architectural Preparedness
Solution Framework – IBM Technology
Diagram: the solution framework from the previous slide, with IBM product labels added: IBM Case Manager, InfoSphere, IBM Atlas, Optim
General Data Protection Regulation First Steps
Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics
First Steps
Towards GDPR Preparedness
• Decide on your strategy and achieve board level endorsement
• Identify and assess key areas of risk by means of an appropriate assessment
• Data mapping
• Data and Data Source Discovery including:
  o Identification of sensitive data
  o Assessment of information handling procedures
General Data Protection Regulation Content Inventory
Maria Sunnefors – Findability Business Consultant, Findwise
Content Inventory
What is where?
• Phase 1: Scoping. Patterns and sources.
• Phase 2: Discovery. Explore.
• Phase 3: Analysis. Compliance?
Phase 1: Scoping
Where to look and what to look for?
• Identify source and content owners.
• Identify and prioritize sources.
• Identify patterns to look for.
Phase 1: Scoping
Where to look and what to look for?
• Social security number: aaa-gg-ssss
• Name: Aaaaa Aaaaaaa
• Phone numbers: 0xx - xxxx xx xx, 0xxx xx xx xx
• IP address: aaa-gg-ssss
• Date of birth: YYMMDD
• E-mail: [email protected]
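
A minimal sketch of the pattern-based scoping described above, added here as an illustration and not taken from the slides or from any Findwise or IBM product. The regexes are an assumed reading of the slide notation (each a/g/s/x is one digit); the e-mail and IPv4 patterns are assumptions, since the slide's e-mail example is obscured and its IP entry repeats the social security notation. All sample content is constructed.

```python
import re
from collections import defaultdict

# Assumed regex reading of the slide's notation; tune per country and source.
PATTERNS = {
    "ssn": r"\b\d{3}-\d{2}-\d{4}\b",  # aaa-gg-ssss
    "phone": r"\b0\d{2} ?- ?\d{4} \d{2} \d{2}\b|\b0\d{3} \d{2} \d{2} \d{2}\b",
    # YYMMDD with month 01-12 and day 01-31, to cut down on random 6-digit ids
    "date_of_birth": r"\b\d{2}(?:0[1-9]|1[0-2])(?:0[1-9]|[12]\d|3[01])\b",
    "email": r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b",  # assumed pattern
    "ipv4": r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b",
}
COMPILED = {name: re.compile(rx) for name, rx in PATTERNS.items()}


def mask(value):
    """Keep only the first and last character so the report holds no usable PII."""
    return value[0] + "*" * (len(value) - 2) + value[-1]


def inventory(sources):
    """Map each source to {pattern name: [(offset, masked match), ...]}."""
    report = {}
    for source, text in sources.items():
        hits = defaultdict(list)
        for name, rx in COMPILED.items():
            for m in rx.finditer(text):
                hits[name].append((m.start(), mask(m.group())))
        report[source] = dict(hits)
    return report


# Constructed sample content; every name and value below is invented.
SAMPLE_SOURCES = {
    "fileshare/hr/notes.txt": "Anna, born 850412, SSN 123-45-6789, call 070 - 1234 56 78.",
    "mail/export.mbox": "From: anna@example.com via 192.0.2.10, alt phone 0701 23 45 67",
    # 851340 is not a valid YYMMDD (month 13), so it must not be reported.
    "wiki/build.md": "Release 2016.10 built from commit 4f2a, build id 851340.",
}

if __name__ == "__main__":
    for source, hits in inventory(SAMPLE_SOURCES).items():
        print(source, {name: len(found) for name, found in hits.items()})
```

The report stores offsets and masked values only, so the inventory itself does not become another copy of the personal data it locates.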
Phase 2: Discovery
What is where?
Diagram labels: index, search, display
Phase 3: Analysis
Risk and compliance
o Source by source
o Explicit consent?
o Processes and routines
o Legal advice
We have to care and act!
• Create awareness
• Know your data
• Data protection is a good thing!
• Allocate resources
• Findwise Content Inventory
General Data Protection Regulation
Findability Day – Thank You!
Maria Sunnefors – Findability Business Consultant, Findwise
Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics