Post on 21-Oct-2018
1 © Informatica. Proprietary and Confidential.
GDPR Journey: Practical steps to compliance & business outcomes
Andrew Joss, Head of Solutions & Data Governance – EMEA-LA
Disclaimer
Compliance with the GDPR will be based on the specific facts of an organization’s business, operations and use of data. This presentation provides a set of discussion points that may be useful in the development of an organization’s GDPR compliance efforts, and is not intended to be legal advice, guidance or recommendations. An organization should consult with its own legal counsel about what obligations they may or may not need to meet.
What’s all the fuss about?
From 25th May 2018, the new EU General Data Protection Regulation (GDPR) will require all organisations that hold data related to EU data subjects to more effectively manage data on their customers, employees, contacts and any other relevant persons.
GDPR & Why It’s Important
What is it?
• May 2018, the European Union General Data Protection Regulation (GDPR) comes into full force to enhance protection of personal data
Why is it important?
• Significant impact for organisations and how they manage data, with some potentially very large penalties for violations – 4% of global revenues
• Impacts the storage, processing, access, transfer, and disclosure of an individual’s data records
Who is affected?
• These protections apply to any organisation (anywhere in the world) that processes the personal data of EU data subjects
What GDPR is not?
• It’s not just a Security issue
• It’s not just a Legal issue
• It’s not just a Compliance issue
• It’s not just a Risk issue
• It’s not just a Data issue
• It’s ALL of these, and more…
GDPR – the potential for value
Organisations don’t have long to fully develop their approach
• What is it? The GDPR is:
  • Possibly, the once in a generation opportunity to transform the way organisations are compelled to manage data
• Why?
  • Fines & reputational damage could be significant
  • Drives benefits when approached properly
• Benefit:
  • Avoidance of fines & reputational damage
  • Supports digital transformation outcomes
• The opportunity:
  • It’s got budget and Board / Legal support
  • It impacts most organisations
• Challenge:
  • Many businesses haven’t done enough preparation and won’t be sufficiently compliant
• To-Be model:
  • Tick-box compliance or
  • Business value add & privacy as a differentiator
May 2018 isn’t far away, so it’s time to get practical…
Where do you go from here?
With around 7 months to go and a clock that won’t stop ticking… organisations are looking at solutions to automate processing and cope with data at scale.
As it’s a principles-based regulation, organisations will have different views on what the problem is, so… look for entry points into your requirements and help your business understand the upside.
… using some simple questions to understand the entry point(s)
• Do you know what data you hold, who has access to it, and for what purpose?
• Do you know how you will manage consents and data rights?
• Do you know how you will protect your data and ensure it has the appropriate controls?
• Do you know where all your in-scope data is?
Informatica for GDPR Compliance Efforts
• Capability: Data Governance – Lead Solution: Informatica Axon™
• Capability: Consent Mastering & Enacting Rights – Lead Solution: Informatica Master Data Management
• Capability: Archiving & Anonymisation – Lead Solutions: Informatica Data Masking & Archiving
• Capability: Sensitive Data Discovery & Risk – Lead Solution: Informatica Secure@Source®
Data Governance
• Need: to understand what all the in-scope data is used for, why and by whom
• Why: so you understand how you’re aligning to the principles
• Common current approach: questionnaires, interviews and static documentation development – mostly done manually
• Approach drawback: inaccurate, time & resource consuming & often out-of-date
Data Governance
• Collaborative Definition of Policies
• Definitions of Processes, Terms etc.
• Approval process within stakeholder group
• Publishing to entire organisation
• Link Policies to implementation artefacts & data
• Solutions for Intelligent Data Governance
• Lead solution: Informatica Axon
• Potential Stakeholders:
  • Chief Data Officer
  • Chief Information Officer
  • Chief Risk/Compliance Officer
Sensitive Data Discovery and Analysis
• Need: to understand where all the in-scope data is
• Why: so you understand the size & shape of the data problem
• Common current approach: review existing sources and send questionnaires
• Approach drawback: time & resource consuming, inaccurate & very often out-of-date
Sensitive Data Discovery & Risk Analysis
• Enterprise-wide data discovery & risk analytics
• In-scope Data discovery
• In-scope Data classification
• Proliferation analysis
• Multi-factor risk scoring
• Solutions for automated Sensitive Data Discovery and Risk scoring
• Lead solution: Informatica Secure@Source
• Potential Stakeholders:
  • Chief Legal Officer
  • Chief Information Security Officer
  • Chief Privacy Officer
Consent Mastering and Enacting Rights
• Need: to capture, manage and distribute consent
• Why: so you have captured the lawfulness of processing
• Common current approach: extend preferences capabilities
• Approach drawback: Functionally inadequate
• Need: to match and link data about each individual data subject
• Why: so you can easily respond to SARs, erasure etc.
• Common current approach: manually match data or basic rules
• Approach drawback: low match rate, false positive / negatives, slow
Consent Mastering and Enacting Rights
• Enterprise-wide Single View of a Data Subject
• Data Subject data discovery
• Multi-Domain (Customer, Employee, etc.)
• Data record matching and linking
• Home for Consent Data Services
• Solutions to associate Consents with Mastered Data Subjects
• Lead solution: Informatica Master Data Management
• Potential Stakeholders:
  • Chief Marketing Officer
  • Chief Data Officer
  • Chief Privacy Officer
Archiving and Anonymisation
• Need: to put protections and controls around identified in-scope data
• Why: so you are demonstrating control over relevant data
• Common current approach: apply masking, deletion and archiving solutions as required
• Approach drawback: lack of targeted implementation; siloes of tools and implementations provide no holistic view
Archiving and Anonymisation
• Enterprise-wide Protection and Controls over data
• Data deletion & retention
• Data masking
• Data archiving
• Solutions to automate Controls and the Protection of data
• Lead solution: Informatica Data Masking and Archiving
• Potential Stakeholders:
  • Chief Information Officer
  • Chief Data Officer
  • Chief Legal Officer
Informatica for GDPR Compliance Efforts
DATA GOVERNANCE – AXON
• Policy definitions. Role assignments. Approval workflows for tasks and definitions.
CONSENT MASTERING & ENACTING RIGHTS – MASTER DATA MANAGEMENT
• Single view of the subject
• Store consents and sensitive data
• Provide purpose-based perspectives to the consuming applications
• Enacting rights: Access, rectify, objection, portability, right to be forgotten
PURGE DATA WITH ARCHIVING & ANONYMIZATION – DATA MASKING & ARCHIVING
• Persistent and dynamic sensitive data masking, in production and non-production environments
• Archive sensitive data in a secure, easily accessible data store
SENSITIVE DATA DISCOVERY & ANALYSIS – SECURE@SOURCE
• Discover & classify sensitive data
• Data map and data proliferation
• Heat maps to detect high-risk areas to set up a protection plan
• User access and activity
• Risk monitoring & management
What business value add is there?
• Data Governance: faster compliance reporting, faster data science, optimised data risk, drives data as an asset
• Consent Mastering & Enacting Rights: faster delivery of customer centricity and digital transformation programmes, data superset for Market purposes
• Archiving & Anonymisation: faster and more secure application testing, reduce costs through data minimisation
• Sensitive Data Discovery & Risk: faster data discovery for other policies, supports breach prevention initiatives
Informatica Intelligent Data Platform
[Platform diagram: Enterprise Cloud Data Management across Cloud, Real Time/Streaming, Big Data and Traditional workloads. Products: Data Integration, Big Data Management, Master Data Management, Data Quality, Data Security, Cloud Data Management. Solutions: Customer 360, Data Governance, Reference 360, Intelligent Data Lake, Secure@Source, Product 360, Enterprise Information Catalog, Supplier 360. Foundation layers: Monitor and Manage, Connectivity, Compute (Enterprise Unified Metadata Intelligence).]