Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance

TACKLING KEY GDPR CHALLENGES WITH DATA MODELING AND GOVERNANCE

NOVEMBER 08TH, 2017

Sultan Shiffa, Senior Software Consultant, Enterprise Architecture & Modeling

[email protected]

© 2017 IDERA, Inc. All rights reserved.

Upload: idera-software

Post on 22-Jan-2018




AGENDA

• GDPR Overview
• Implications for organisations
  • Principles and conditions for personal data and its processing
  • Consent management
  • Individual rights
  • Privacy by design
  • Data security and breach notification
• IDERA’s Enterprise Data Architecture Solution
• Tackling GDPR challenges with EDA Solution


GDPR Overview


• Effective from 25th of May, 2018
• Replaces directives like DPA and country data protection laws
• Applies to:
  • Personal data
  • Sensitive personal data
  • Global
• Fines – up to 20 million euros or 4% of annual worldwide turnover, whichever is greater


Implications for organisations


PRINCIPLES OF PROCESSING PERSONAL DATA UNDER GDPR – ARTICLE 5

• Processed lawfully, fairly and in a transparent manner in relation to individuals
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
• Accurate and, where necessary, kept up to date
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
• Processed ensuring appropriate security of the personal data


CONDITIONS FOR DATA PROCESSING

• Consent of the data subject
• Processing is necessary:
  • For the performance of a contract with the data subject or to take steps to enter into a contract.
  • For compliance with a legal obligation.
  • To protect the vital interests of a data subject or another person.
  • For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


CONSENT CHANGES UNDER GDPR – ARTICLE 6

• Consent must be freely given, specific, informed and unambiguous

• Consent requires some form of clear affirmative action. Opt out or silence does not constitute consent

• Consent must be demonstrable. Some form of record must be kept of how and when consent was given.

• Individuals have the right to withdraw consent at any time.

• All current processing that uses consent should be reviewed to ensure it meets the GDPR requirements.


NEW INDIVIDUAL RIGHTS UNDER GDPR

• The right to be informed – usually via Privacy notices
• The right of access –
• The right to rectification
• The right to erasure – also known as the right to be forgotten
• The right to restrict processing
• The right to data portability
• The right to object – includes profiling, direct marketing and processing for research
• Rights in relation to automated decision making and profiling.


PRIVACY BY DESIGN UNDER GDPR AND DPIA

• Control exposure to personal data
• Under the GDPR, a DPIA is a legal requirement, and high-risk situations require consulting the ICO
• A DPIA at project start ensures privacy by design and compliance with legislation, and that systems are built with security from the outset and risks are managed.
• Better and cheaper solutions, as adding in good security at a later date can be costly


DATA BREACH NOTIFICATION UNDER GDPR

GDPR introduces a duty on all organisations to report data breaches to the supervisory authority, and in some cases to the individuals affected.

A personal data breach = destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Risky data breaches will need to be reported to supervisory authorities and individuals notified directly.

Breaches must be notified within 72 hours, and also reported internally within the organisation.

Failure to report a breach can also result in fines.


IDERA’s Enterprise Data Architecture Solution


IDERA’S ER/STUDIO ENABLES ENTERPRISE ARCHITECTURE

[Diagram labels: Enterprise Enablement; Business Architecture; Application Architecture; Technical Architecture; Data Architecture]


ER/STUDIO ENTERPRISE TEAM EDITION 2017


ER/STUDIO TEAM SERVER: ENTERPRISE COLLABORATION


Tackling GDPR challenges with EDA solution


ENTERPRISE DATA ARCHITECTURE VS. GDPR


TACKLING GDPR WITH ENTERPRISE DATA ARCHITECTURE

• Create and maintain awareness towards GDPR compliance across the organization

• Understand the current data landscape for better GDPR compliance

• Check existing processes & procedures regarding currency towards GDPR

• Review privileges and accountabilities to data and its flow

• Document individual rights

• Security management and data breach notification

• Data governance, collaboration and data protection impact assessment


CREATE AWARENESS


UNDERSTAND THE DATA LANDSCAPE


UNDERSTAND THE DATA LANDSCAPE WITH SILWOOD’S SAFYR – IDENTIFY, DESCRIBE & CATALOG APPLICATION METADATA

[Diagram labels, applications: SAP, S/4HANA, SAP BW; Salesforce; Oracle eBusiness Suite; Siebel; PeopleSoft; JD Edwards; MS Dynamics AX; other packaged applications]

[Diagram labels, steps: Metadata extraction; Search; Filter; Scope; Analyse; Visualise; Compare; Create; Report; Results]

• Fast software driven access to ERP and CRM metadata
• Accurate and includes customisations
• Intuitive analysis
• Share results

• Broader reach of solution
• Differentiator / Equaliser
• Accelerate sales / overcome objection about CRM/ERP


CHECK EXISTING PROCESSES AND PROCEDURES WITH ER/STUDIO BUSINESS ARCHITECT


REVIEW DATA PRIVILEGES AND ACCOUNTABILITIES


REVIEW DATA PRIVILEGES AND ACCOUNTABILITIES WITH ER/STUDIO DATA LINEAGE AND ER/ETL


DOCUMENT AND MANAGE INDIVIDUAL RIGHTS


SECURITY MANAGEMENT AND BREACH NOTIFICATION WITH ER/STUDIO DATA ARCHITECT


SECURITY MANAGEMENT AND BREACH NOTIFICATION WITH ER/STUDIO BUSINESS ARCHITECT


DATA GOVERNANCE, COLLABORATION, DPIA


SUMMARY – ER/STUDIO ENTERPRISE EDITION VS. GDPR

• It meets data privacy and industry compliance by design and default.

• Leveraging integrated process and data modeling tools helps to set up data governance and create awareness about GDPR, its rules and its business impact.

• It helps to discover existing systems and processes and new projects, and to maintain our data fields in line with the GDPR rules.

• It gives organizations visibility into their applications, databases and processing activities holding critical information for GDPR compliance.

• It serves as a collaboration platform for sharing information related to different applications and systems across the organization.

• It helps to document and encourage discussions on how organizations are complying with GDPR legislation, both within the organization and with external regulators in case of an audit.


THANKS! Any questions?

You can find me at: [email protected]