Are Your Data Ready for GDPR? (with MAPR and Talend)
-
Upload
jean-michel-franco -
Category
Technology
-
view
181 -
download
1
Transcript of Are Your Data Ready for GDPR? (with MAPR and Talend)
1©2017 Talend
Are your data ready for GDPR Compliance?
Track & Trace Capture & Connect Secure & Protect Certify & Curate Publish & Share
USING A DATA HUB TO PROTECT PERSONAL DATA
2©2017 Talend
Track & Trace Capture & Connect Secure & Protect Certify & Curate Publish & Share
Rémi ForestSolution Engineer
Jean-Michel FrancoSr Product Mkt Director
3
GDPR and Data Governance: why, and why now?
Drawing the Roadmap for GDPR
Setting up the GDPR foundations with a Data Hub
Establishing the 5 pillars for GDPR compliance with MAPR and Talend
What’s next on your GDPR journey?
Agenda
4
• Jean-Michel Franco, X2 years old, passionate about running
• Sr Director for Data Governance Products at Talend
• 2X experience in data management
• Engaged citizen in a data driven world (@jmichel_franco)
Let’s talk about personal data
What I want to share
Want to know More ? • Ask Google for my Physical/Digital journeys
• Ask Garmin for my physical & Experian for my financial health
• Ask Amazon for my buying & Waze for my driving behavior
• Ask Facebook for my personal & LinkedIn for my professional details
But don’t ask my doctor, he has taken the Hippocratic Oath
5
Beyond GDPR: it’s all about Trust and Transparency
BREAKING NEWSData Leaks
Equifax breach exposed data for 143 million consumers
Last year’s privacy fines would be 79 times higher under GDPRDieselgate forces German carmakers to rethink their future
, Privacy Violations and Data Flaws
Data Governance is no more an option
6
Potential cost of for non compliance
GDPR starts in 220 days: Will you be ready?
4%of globalrevenue
Budget devoted to data protection
0.004%of globalrevenue
50%won’t meet
deadline
The pressure is on IT
Source: European Commission, TeachPrivacy, Gartner
7
GDPR (General Data Protection Regulation) in a nutshell• Protects privacy for individuals
• Goes into effect in 2018 (May, 25th).
• Increase powers of authorities to take action against non compliant business.
Tough penalties:
Fines up to 4% of annual global revenue
or €20 million (whichever is greater)
Broad definition:
Personal data includes identifiers such as
digital/online, genetic, mental, cultural, biometric
Worldwide
Regulation also applies to non EU companies that process
personal data of individuals in the EU.
Cross Border Data transfer :
The international transfer of data will continue to be governed
under EU GDPR rules.
Affirmative Consent: obtaining consent for
processing personal data must be clear, context
based and must seek an affirmative response.
Data Subjects Access Rights : Data Subjects have the
right to be forgotten and erased from records. Users may
request a copy of personal data in a portable format…
8
• Multiple subject areas • Customer, Employee, Prospect, Citizen, Vendor…
• Emerging data types
• Internet of Things, Logs, Biometrics…
• Multiple jurisdictions
• EU, Canada, Australia, U.S….
• Rapidly changing regulations
• GDPR, CASL, HIPAA…
Global Data Privacy is Multi-Dimensional
9
What’s Involved
GDPR – Helicopter Positioning
√
• Make sure your Data is compliant
• Unleash your data for the data subject access rights
?
• Identify, know and track your personal data
• Protect your Data and foster accountability
10
Goal
Inventory your personal data
Establish policies
Protect your data
Track and trace consent
Engage your workforce
Open your data to your data subjects
What does GDPR mean for your Data Management practices?
11
Draw your Roadmap for GDPR Compliance
2
Build your Personal Data Hub
Know your DataReconcile your dataRegain control
1
Assess your Capabilities
Identify gaps Assess risksDefine priorities and milestones
3Engage Compliance Initiatives
Consent ManagementAnonymizationRights of the data subject
13
http://talend.gdprevaluation.com/
Assess your capabilities
Connect Fill-up a 20’ questionnaire Get your readiness assessment
With
14
• Know where to find every data about every person (customer or employee)
• Collect and Store compliance related data (i.e. Consent status)
• Control who can access these data
• Trace who accessed these data
• Make sure you don’t lose this data
• Matching all this on a distributed environment is at least very challenging
What is expected?
15
• Physical or virtual consolidation of every person’s data
• Data can be enriched with compliance related information
• Single place to control and trace access
• Automatically updated based on legacy source systems
• Can be used as data source for new applications
The case for a Personal Data Hub
16
5 pillars for GDPR governance with MAPR & Talend
Map yourPersonal Data
Build yourData Subject
360°
Protect your mostSensitive Data
Delegate Accounta-
lities
ManageData Location,Movement &
Portability
17
GDPR article 4, 9 and 30
Create a Data Inventory for Compliance
Track & trace acrossthe information chain
Define your Personal Data
Connect them to your data sets
18
• Based on data inventory, consolidate all data in a single place
• Document Databases are the perfect tool
• Referential integrity is mandatory : avoid manual processes• ETL
• Change data capture
• Streaming/Real Time
• Closing the loop with source system might be needed for rights to be forgotten/rectification
Build the 360° view of the data subject
19
• Protecting data is an holistic approach
• Ensure that no data can be lost• Protect against attacks or errors : MapR Snapshots
• Protect against disaster : MapR Remote Replication
• Ensure that only authorized people have access to data:• Logical access control : ACEs and auditing
• Physical access control : in-flight and at-rest encryption
Protect personal data at infrastructure level
20
Obfuscate data for analytics
Article 5, 6, 11 and 32
Protect Personal data with Data Masking
Apply Data Masking everywhere
Capture personal footprints in your datasets
21
Certify Data with Self-Service Data Curation
Articles 4, 5, 6, 24, 25, 27
Foster accountability with Talend Data Preparation & Stewardship
Orchestrate collaborative Governance
Discover datasets and prepare data for integration
22
Article 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
Respect the right of the data subject
…or deliver data services, in real time
Deliver data on request,in batch mode
23
• Your business is global, so are your data
• Your governance has to be global too
• MapR Data Fabric gives you global control over your data
Manage Data Location
24
Poll #2: Your priorities for compliance?
Multiple responses
25
“Over 80% of lost items returned”
Air France-KLM aims delight customers with personalized experience, Air France KLM creates a complete 360° view of the customer.
“The issue of security is addressed with Talend Data Quality since we process some of our clients’ personal data and this data needs to be protected. In addition, Talend Metadata Manager can determine ten times faster than before where the data is located, when it is coming from, and where it is going.”
Damien Trinité, CRM Big Data Project Manager, Air France KLM
26
MapR-FS
MapR Data Platform
MapR StreamsMapR-DB
Social Media
Converged Data Platform
Medical Info
Other PII
Banking Info
…
Ingest
Search
Data Map
Raise Alerts
…
Actions
Native Connectivity for the MapR Platform with Spark & Machine Learning
Track & Trace Capture & Connect Secure & Protect Certify & Curate Publish & Share
MapR + Talend architecture in a nutshell
27
What’s next in your GDPR journey?
• Self-assess your readiness: http://talend.gdprevaluation.com/
• Learn more on our joint solution : https://mapr.com/resources/mapr-
talend-gdpr-solution-brief/
• Populate your personal data hub
• Set accountabilities & orchestrate collaborative data governance
• Operationalize GDPR governance (Consent, Data Subject Access Rights,
Data Protection and Anonymization…)
Questions?
28©2017 Talend
Are your data ready for GDPR Compliance?
Track & Trace Capture & Connect Secure & Protect Certify & Curate Publish & Share
USING A DATA HUB TO PROTECT PERSONAL DATA