GDPR Journey: Practical steps to compliance - Affecto

Posted 21-Oct-2018

© Informatica. Proprietary and Confidential.

GDPR Journey: Practical steps to compliance & business outcomes

Andrew Joss

Head of Solutions & Data Governance – EMEA-LA


Disclaimer

Compliance with the GDPR will be based on the specific facts of an organization’s business, operations and use of data. This presentation provides a set of discussion points that may be useful in the development of an organization’s GDPR compliance efforts, and is not intended to be legal advice, guidance or recommendations. An organization should consult with its own legal counsel about what obligations it may or may not need to meet.


GDPR Background


What’s all the fuss about?

From 25 May 2018, the new EU General Data Protection Regulation (GDPR) will require all organisations that hold data on EU data subjects to manage data on their customers, employees, contacts and any other relevant persons more effectively.


GDPR & Why It’s Important

What is it?

• May 2018: the European Union General Data Protection Regulation (GDPR) comes into full force to enhance protection of personal data

Why is it important?

• Significant impact on organisations and how they manage data, with potentially very large penalties for violations – up to 4% of global annual turnover (or €20 million, whichever is higher)

• Impacts the storage, processing, access, transfer and disclosure of an individual’s data records

Who is affected?

• These protections apply to any organisation (anywhere in the world) that processes the personal data of EU data subjects


What GDPR is not

• It’s not just a Security issue

• It’s not just a Legal issue

• It’s not just a Compliance issue

• It’s not just a Risk issue

• It’s not just a Data issue

• It’s ALL of these, and more…


GDPR – the potential for value

Organisations don’t have long to fully develop their approach

• What is it? The GDPR is:

  • Possibly, the once-in-a-generation opportunity to transform the way organisations are compelled to manage data

• Why?

  • Fines & reputational damage could be significant

  • Drives benefits when approached properly

• Benefit:

  • Avoidance of fines & reputational damage

  • Supports digital transformation outcomes

• The opportunity:

  • It’s got budget and Board / Legal support

  • It impacts most organisations

• To-Be model:

  • Tick-box compliance, or

  • Business value add & privacy as a differentiator

• Challenge:

  • Many businesses haven’t done enough preparation and won’t be sufficiently compliant


May 2018 isn’t far away, so it’s time to get practical…


Where do you go from here?

With around 7 months to go and a clock that won’t stop ticking, organisations are looking at solutions to automate processing and cope with data at scale.

As it’s a principles-based regulation, organisations will have different views on what the problem is, so look for entry points into your requirements and help your business understand the upside.

Break the data problem down…


… using some simple questions to understand the entry point(s)

• Do you know what data you hold, who has access to it, and for what purpose?

• Do you know how you will manage consents and data rights?

• Do you know how you will protect your data and ensure it has the appropriate controls?

• Do you know where all your in-scope data is?


Informatica for GDPR Compliance Efforts

• Capability: Data Governance – Lead solution: Informatica Axon™

• Capability: Consent Mastering & Enacting Rights – Lead solution: Informatica Master Data Management

• Capability: Archiving & Anonymisation – Lead solutions: Informatica Data Masking & Archiving

• Capability: Sensitive Data Discovery & Risk – Lead solution: Informatica Secure@Source®


Data Governance

• Need: to understand what all the in-scope data is used for, why and by whom

• Why: so you understand how you’re aligning to the principles

• Common current approach: questionnaires, interviews and static documentation development – mostly done manually

• Approach drawback: inaccurate, time & resource consuming & often out-of-date


Data Governance

• Collaborative Definition of Policies

• Definitions of Processes, Terms etc.

• Approval process within stakeholder group

• Publishing to entire organisation

• Link Policies to implementation artefacts & data

• Solutions for Intelligent Data Governance

• Lead solution: Informatica Axon

• Potential Stakeholders:

  • Chief Data Officer

  • Chief Information Officer

  • Chief Risk/Compliance Officer


Sensitive Data Discovery and Analysis

• Need: to understand where all the in-scope data is

• Why: so you understand the size & shape of the data problem

• Common current approach: review existing sources and send questionnaires

• Approach drawback: time & resource consuming, inaccurate & very often out-of-date


Sensitive Data Discovery & Risk Analysis

• Enterprise-wide data discovery & risk analytics

• In-scope data discovery

• In-scope data classification

• Proliferation analysis

• Multi-factor risk scoring

• Solutions for automated Sensitive Data Discovery and Risk scoring

• Lead solution: Informatica Secure@Source

• Potential Stakeholders:

  • Chief Legal Officer

  • Chief Information Security Officer

  • Chief Privacy Officer
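As an added, illustrative example (written for this page; it is not Informatica code and not part of the original deck), the Python below sketches the four steps this slide lists: discovering columns that hold personal data, classifying them with an anchored pattern plus a checksum (the Luhn test keeps order numbers and other long digit strings from being flagged as card numbers), working out proliferation (how many stores each class of data has spread to) and a multi-factor risk score. The inventory, the store metadata (protection, reader count, region) and the score weights are all constructed for the example; a real scan would read catalog metadata and sample rows from the systems themselves.

```python
import re
from collections import defaultdict

# Constructed sample inventory (not real data): store -> metadata + tables -> columns -> values.
SAMPLE_STORES = {
    "crm_prod": {
        "protected": True, "users_with_access": 12, "region": "EU",
        "tables": {
            "customers": {
                "id": ["1", "2", "3"],
                "email": ["ana@example.com", "bo@example.org", "cy@example.net"],
                "card": ["4111111111111111", "5500000000000004", "4012888888881881"],
                "dob": ["1980-01-02", "1975-12-31", "1990-06-15"],
                "note": ["vip", "", "prefers email"],
            }
        },
    },
    # An analytics copy of the same subjects: no controls, many readers, outside the EU.
    "analytics_copy": {
        "protected": False, "users_with_access": 80, "region": "US",
        "tables": {
            "cust_export": {
                "email": ["ana@example.com", "bo@example.org", "cy@example.net"],
                "dob": ["1980-01-02", "1975-12-31", "1990-06-15"],
                "segment": ["A", "B", "A"],
            }
        },
    },
}

# Classification patterns, anchored so free text that merely contains an address is not mislabelled.
CLASSIFIERS = {
    "EMAIL": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
    "DATE_OF_BIRTH": re.compile(r"^\d{4}-\d{2}-\d{2}$"),
    "PAYMENT_CARD": re.compile(r"^\d{13,19}$"),
}
# Example weights: how much one record of each class contributes to risk.
SENSITIVITY = {"PAYMENT_CARD": 5, "DATE_OF_BIRTH": 3, "EMAIL": 2}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives from order numbers and other long digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_value(value: str):
    for label, pattern in CLASSIFIERS.items():
        if pattern.match(value) and (label != "PAYMENT_CARD" or luhn_ok(value)):
            return label
    return None


def classify_column(values, threshold: float = 0.8):
    """Label a column only when most non-empty values agree, so a single stray match does not flag it."""
    non_empty = [v for v in values if v]
    counts = defaultdict(int)
    for v in non_empty:
        label = classify_value(v)
        if label:
            counts[label] += 1
    if not counts:
        return None
    label, hits = max(counts.items(), key=lambda kv: kv[1])
    return label if hits / len(non_empty) >= threshold else None


def discover(stores):
    """One finding per column that holds in-scope personal data."""
    findings = []
    for store, meta in stores.items():
        for table, columns in meta["tables"].items():
            for column, values in columns.items():
                label = classify_column(values)
                if label:
                    findings.append({"store": store, "table": table, "column": column,
                                     "label": label, "rows": len(values)})
    return findings


def proliferation(findings):
    """Which stores each class of data has spread to; every copy multiplies the exposure."""
    spread = defaultdict(set)
    for f in findings:
        spread[f["label"]].add(f["store"])
    return spread


def risk_scores(stores, findings):
    """Multi-factor score per store: sensitivity x volume x proliferation x access x protection x location."""
    spread = proliferation(findings)
    scores = {}
    for store, meta in stores.items():
        base = sum(SENSITIVITY[f["label"]] * f["rows"] * len(spread[f["label"]])
                   for f in findings if f["store"] == store)
        access = 1 + meta["users_with_access"] / 10      # more readers, more exposure
        protection = 1 if meta["protected"] else 2       # no controls: count it double
        location = 1.5 if meta["region"] != "EU" else 1  # copies outside the EU need a transfer basis
        scores[store] = round(base * access * protection * location, 1)
    return scores


if __name__ == "__main__":
    found = discover(SAMPLE_STORES)
    for f in found:
        print(f"{f['store']}.{f['table']}.{f['column']}: {f['label']} ({f['rows']} rows)")
    for label, where in proliferation(found).items():
        print(f"{label} present in {len(where)} store(s): {sorted(where)}")
    print("risk by store:", risk_scores(SAMPLE_STORES, found))
```

The point the numbers make is the one the slide makes: the well-controlled production system scores far lower than the uncontrolled analytics export of the same subjects, even though the export holds fewer classes of data. In practice the access factor would come from actual entitlements and activity logs rather than a headcount.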


Consent Mastering and Enacting Rights

• Need: to capture, manage and distribute consent

• Why: so you have captured the lawfulness of processing

• Common current approach: extend preferences capabilities

• Approach drawback: functionally inadequate

• Need: to match and link data about each individual data subject

• Why: so you can easily respond to SARs, erasure etc.

• Common current approach: manually match data or basic rules

• Approach drawback: low match rate, false positives / negatives, slow


Consent Mastering and Enacting Rights

• Enterprise-wide Single View of a Data Subject

• Data Subject data discovery

• Multi-Domain (Customer, Employee, etc.)

• Data record matching and linking

• Home for Consent Data Services

• Solutions to associate Consents with Mastered Data Subjects

• Lead solution: Informatica Master Data Management

• Potential Stakeholders:

  • Chief Marketing Officer

  • Chief Data Officer

  • Chief Privacy Officer


Archiving and Anonymisation

• Need: to put protections and controls around identified in-scope data

• Why: so you are demonstrating control over relevant data

• Common current approach: apply masking, deletion and archiving solutions as required

• Approach drawback: lack of targeted implementation; silos of tools and implementations provide no holistic view


Archiving and Anonymisation

• Enterprise-wide Protection and Controls over data

• Data deletion & retention

• Data masking

• Data archiving

• Solutions to automate Controls and the Protection of data

• Lead solution: Informatica Data Masking and Archiving

• Potential Stakeholders:

  • Chief Information Officer

  • Chief Data Officer

  • Chief Legal Officer
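An added example (written for this page, not Informatica code and not from the deck) of the two masking modes this capability covers, in Python. Persistent masking rewrites the stored value once, here with a keyed HMAC so the same real value always maps to the same pseudonym and a join across tables still works in a non-production copy; card numbers are regenerated Luhn-valid so test applications that validate PANs keep running. Dynamic masking leaves the stored value intact and redacts at read time according to the caller's role, withholding any sensitive column the role has no rule for. The rows, roles and policy are constructed and the key is a placeholder. The caveat a practitioner should keep in mind: keyed pseudonymisation is pseudonymisation, not anonymisation. Anyone holding the key and a list of candidate inputs can re-identify the tokens, so the masked copy is still personal data under the GDPR (Recital 26) and the key needs the same protection as the source data.

```python
import hashlib
import hmac
import secrets

# Constructed sample rows (not real data). The two tables join on `email`.
CUSTOMERS = [
    {"id": 1, "email": "ana@example.com", "card": "4111111111111111", "dob": "1980-01-02"},
    {"id": 2, "email": "bo@example.org", "card": "5500000000000004", "dob": "1975-12-31"},
]
ORDERS = [
    {"order": 100, "email": "ana@example.com", "total": 42},
    {"order": 101, "email": "bo@example.org", "total": 7},
    {"order": 102, "email": "ana@example.com", "total": 9},
]
SENSITIVE_COLUMNS = ("email", "card", "dob")


def _digest(key: bytes, label: str, value: str) -> bytes:
    """Keyed, domain-separated HMAC: same key + same value -> same token, across tables and runs."""
    return hmac.new(key, f"{label}\x00{value}".encode(), hashlib.sha256).digest()


def luhn_check_digit(payload: str) -> str:
    """Check digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # rightmost payload digit is doubled once a check digit follows it
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return luhn_check_digit(number[:-1]) == number[-1]


def mask_email(key: bytes, email: str) -> str:
    """Persistent mask: stable token as local part, reserved .invalid domain (RFC 2606) so it never routes."""
    token = _digest(key, "email", email.lower()).hex()[:12]
    return f"user-{token}@masked.invalid"


def mask_card(key: bytes, card: str) -> str:
    """Persistent mask: Luhn-valid 16-digit number derived from the HMAC of the real PAN."""
    n = int.from_bytes(_digest(key, "card", card), "big")
    payload = str(n)[-15:].zfill(15)
    return payload + luhn_check_digit(payload)


def mask_dob(key: bytes, dob: str) -> str:
    """Persistent generalisation: keep the year, drop month and day (key unused, output is key-independent)."""
    return dob[:4] + "-01-01"


PERSISTENT_SPEC = {"email": mask_email, "card": mask_card, "dob": mask_dob}


def persistent_mask_rows(key: bytes, rows, spec=PERSISTENT_SPEC):
    """Rewrite every masked column in every row; other columns pass through unchanged."""
    return [{col: spec[col](key, val) if col in spec else val for col, val in row.items()}
            for row in rows]


# Dynamic masking: the stored row is untouched; each role gets its own projection at read time.
DYNAMIC_POLICY = {
    "dpo": {"email": lambda v: v, "card": lambda v: v, "dob": lambda v: v},
    "support": {"email": lambda v: v, "card": lambda v: "*" * 12 + v[-4:], "dob": lambda v: v[:4]},
    "analyst": {"email": lambda v: "***@" + v.split("@", 1)[1], "dob": lambda v: v[:4]},
}


def dynamic_view(row: dict, role: str) -> dict:
    """Role-based read-time masking; sensitive columns the role has no rule for are withheld entirely."""
    policy = DYNAMIC_POLICY.get(role, {})  # unknown role -> deny by default
    return {col: (policy[col](val) if col in SENSITIVE_COLUMNS else val)
            for col, val in row.items()
            if col not in SENSITIVE_COLUMNS or col in policy}


def orders_per_customer(customers, orders) -> dict:
    """Join on email; the result must be identical on raw and on persistently masked copies."""
    counts = {}
    for o in orders:
        counts[o["email"]] = counts.get(o["email"], 0) + 1
    return {c["id"]: counts.get(c["email"], 0) for c in customers}


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice: held in a KMS/HSM, never stored beside the masked copy
    masked_customers = persistent_mask_rows(key, CUSTOMERS)
    masked_orders = persistent_mask_rows(key, ORDERS)
    print(masked_customers[0])
    print("join survives masking:", orders_per_customer(masked_customers, masked_orders))
    for role in ("dpo", "support", "analyst", "marketing"):
        print(role, dynamic_view(CUSTOMERS[0], role))
```

Two design choices worth noting. The HMAC input is domain-separated by column label, so an e-mail address and a card number that happened to share a string would not share a token, and a token from one column tells you nothing about another. The dynamic policy is deny-by-default: a role that is missing a rule for a sensitive column does not see the column at all, rather than seeing the raw value because nobody wrote a rule for it.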


Informatica for GDPR Compliance Efforts

DATA GOVERNANCE: AXON

• Policy definitions. Role assignments. Approval workflows for tasks and definitions.

CONSENT MASTERING & ENACTING RIGHTS: MASTER DATA MANAGEMENT

• Single view of the subject

• Store consents and sensitive data

• Provide purpose-based perspectives to the consuming applications

• Enacting rights: access, rectify, objection, portability, right to be forgotten

PURGE DATA WITH ARCHIVING & ANONYMIZATION: DATA MASKING & ARCHIVING

• Persistent and dynamic sensitive data masking, in production and non-production environments

• Archive sensitive data in a secure, easily accessible data store

SENSITIVE DATA DISCOVERY & ANALYSIS: SECURE@SOURCE

• Discover & classify sensitive data

• Data map and data proliferation

• Heat maps to detect high-risk areas to set up a protection plan

• User access and activity

• Risk monitoring & management


What business value add is there?

• Faster compliance reporting, faster data science, optimised data risk, drives data as an asset

• Faster delivery of customer centricity and digital transformation programmes, data superset for Marketing purposes

• Faster and more secure application testing, reduced costs through data minimisation

• Faster data discovery for other policies, supports breach prevention initiatives

Reuse GDPR data capabilities as a platform for other requirements


Informatica Intelligent Data Platform (architecture diagram)

Solutions: Enterprise Cloud Data Management, Customer 360, Data Governance, Reference 360, Intelligent Data Lake, Secure@Source, Product 360, Enterprise Information Catalog, Supplier 360

Products: Data Integration, Big Data Management, Master Data Management, Data Quality, Data Security, Cloud Data Management

Intelligent Data Platform (Enterprise Unified Metadata Intelligence): Cloud, Real Time/Streaming, Big Data, Traditional; Monitor and Manage, Connectivity, Compute


GDPR Journey: Practical steps to compliance & business outcomes

Thank you for your time

Any questions?