Importance of the Data Management process in setting up the GDPR within a company CREOBIS

Importance of the Data Management process in setting up the GDPR within a company CREOBIS 1 Alain Cieslik

Personal Data is the oil of the digital world

Personal information comes in different forms & media.

Personal information comes in different forms & media.
Personal Data
Non-Structured / Semi-structured: Excel / Word / Powerpoint, Picture / Video / Sound, Paper, Email / Chat, Social Network, Search Engine, Web page, XML, JSON, NOSQL
Structured: Database

IT Ecosystem for personal data
Data Center: Applications, Databases, File servers, Mainframes, Data warehouse
Cloud: IaaS, PaaS, SaaS
Big Data: Data Lake, NoSQL, Hadoop

IT Ecosystem for personal data: File systems, Documents

IT Ecosystem for personal data: Databases
Privacy by design
Art 25. Data Protection by design
Art 32. Security of processing

IT Ecosystem for personal data: Modern Data warehouse
https://www.slideshare.net/jamserra/building-an-effectivedatawarehousearchitecturewithhadoop

Manage Personal Data lifecycle
https://www.i-scoop.eu/information-management/

Personal information comes in a lot of different forms & media.
IT Ecosystem for personal data is complex.
Manage Personal Data lifecycle.

Data Management Overview
http://dama-phoenix.org/wp-content/uploads/2015/09/dama-phoenix-dmbok2.pdf

Data Management Overview: Guiding Principles
1. Data and information are valuable enterprise assets.
2. Manage data and information carefully, like any other asset, by ensuring adequate quality, security, integrity, protection, availability, understanding, and effective use.
3. Share responsibility for data management between business data stewards (trustees of data assets) and data management professionals (expert custodians of data assets).
4. Data management is a business Knowledge Area and a set of related disciplines.
5. Data management is also an emerging and maturing profession within the IT field.

Data Management Overview: Knowledge Areas (KAs)
1. Data Governance
2. Data Architecture
3. Data Modeling and Design
4. Data Storage and Operations
5. Data Security
6. Reference and Master Data
7. Data Warehousing and Business Intelligence
8. Data Integration and Interoperability
9. Documents and Content
10. Metadata
11. Data Quality

Data Management Overview: General Context Diagram
Definition: What is the Knowledge Area?
Goals: What does the Knowledge Area accomplish? Why does the Knowledge Area exist?
Activities: What are the Knowledge Area's tasks that accomplish the goals?
Inputs: What do the Knowledge Area's tasks use?
Suppliers: Who provides the inputs to the Knowledge Area's tasks?
Responsible: Who performs the Knowledge Area?
Tools: What tools do the Knowledge Area's tasks use?
Deliverables: What does the Knowledge Area deliver?
Consumers: Who uses the primary deliverables?
Stakeholders: Who has an interest in the Knowledge Area's success?
Metrics: What is used to measure the Knowledge Area's success?

Art 5. Principles relating to processing of personal data

Art 5. Principles relating to processing of personal data
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity & confidentiality
- Accountability

Art 5. Principles relating to processing of personal data
Columns: Principles, Governance, Quality, Metadata, Security
Rows: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality

DMBOK2 - Key Areas

DMBOK2 Key Areas Data Governance
1. Data Governance
Planning, supervision and control over data management and use.
Data Governance and Stewardship
Goals
1. Define, approve, communicate, and implement principles, policies, procedures, metrics, tools, and responsibilities for data management.
2. Track and enforce compliance to regulatory and internal data policies.
3. Monitor and guide data usage and management activities.
Activities
1. Define Data Governance for the organization
2. Define the Operating Framework
3. Create and implement data principles and policies
4. Define roles
5. Implement and sustain

DMBOK2 Key Areas Data Governance
1. Data Governance
Planning, supervision and control over data management and use.
Goals of Business Cultural Development
Goals
1. To define a data-centric organization
2. To understand how business culture development supports data governance
3. To define change management activities that can support data management and business culture alignment
4. To highlight the need for communication and training in data management activities
Activities
1. Create a data-centric organization
2. Develop organizational touchpoints
3. Develop data-centric culture controls

DMBOK2 Key Areas Data Governance
1. Data Governance
Planning, supervision and control over data management and use.
Data in the Cloud
Goals
1. Define, contract, implement, and monitor cloud based data management areas of programs.
2. Define implement/contract, monitor and report SLAs on internal and external data stores.
Activities
1. Assess organizational readiness
2. Define cloud and outsourcing requirements for the organization
3. Define and execute contracting requirements
4. Select and execute cloud infrastructure vendor environment
5. Develop security rules and ETL/capture data change (CDC) code
6. Operationalize cloud data activities
7. Report on service monitoring

DMBOK2 Key Areas Data Governance
1. Data Governance
Planning, supervision and control over data management and use.
Data Handling Ethics
Goals
1. Review Data-Handling Practices
2. Develop the Ethical Data Handling Strategy
3. Communicate and Educate Staff
4. Address Practices Gaps
5. Monitor and Maintain Alignment
Activities
1. Review Data-Handling Practices
2. Develop the Ethical Data Handling Strategy
3. Communicate and Educate Staff
4. Address Practices Gaps
5. Monitor and Maintain Alignment

DMBOK2 Key Areas Data Governance
5. Data Security
Definition, planning, development, and execution of security policies and procedures to provide proper authentication, authorization, access, and auditing of data and information assets.
Goals
1. Enable appropriate, and prevent inappropriate, access to enterprise data assets.
2. Understand and comply with all relevant regulations and policies for privacy, protection, and confidentiality.
3. Ensure that the privacy and confidentiality needs of all stakeholders are enforced and audited.
Activities
1. Identify Relevant Data Security Requirements
2. Define Data Security Policy
3. Define Data Security Standards
4. Assess Current Security Risks
5. Implement Data Security Controls and Procedures

DMBOK2 Key Areas Data Governance
10. Metadata
Planning, implementation, and control activities to enable access to high quality, integrated metadata.
Goals
1. Provide organizational understanding of business terms and usage
2. Collect and integrate metadata from diverse sources
3. Provide standard way to access the metadata
4. Ensure metadata quality and security
Activities
1. Define the Metadata Strategy
2. Understand Metadata Requirements
3. Define Metadata Architecture
4. Create MetaModel
5. Apply Metadata Standards
6. Manage Metadata Stores
7. Create and Maintain Metadata
8. Integrate Metadata
9. Distribute and Deliver Metadata
10. Query, Report and Analyze Metadata

DMBOK2 Key Areas Data Governance
11. Data Quality
The planning, implementation, and control activities that apply quality management techniques to data, in order to assure it is fit for consumption and business purpose(s).
Goals
1. Develop a governed approach to measurably improve the quality of data according to defined business rules.
2. Define requirements and specifications for integrating data quality control into the system development lifecycle.
3. Define and implement processes for measuring, monitoring, and reporting conformance to acceptable levels of data quality.
Activities
1. Create a Data Quality Culture
2. Perform Preliminary Data Quality Assessment
3. Define Data Quality Requirements
4. Assess Data Quality
5. Develop and Deploy Data Quality Operations
6. Measure and Monitor Data Quality

DMBOK2 Key Areas Data Governance
Phase 1, Acquire data capabilities: Data Security, Data Storage & Operations, Data Modeling and Design, Data integration & interoperability
Phase 2, Improve data quality: Data Architecture, Data Quality, Metadata
Phase 3, Setup data governance: Data Governance, Data Warehousing, Documents & Contents, Reference & Master Data
Phase 4, Advanced analytic capabilities: Data Mining, Data Analytics, Big Data
DMBOK 2.0: Purchase or Build database capability

Summary of GDPR and Information Governance
https://castlebridge.ie/blog/2016/01/26/our-most-requested-slide-2014-2015

Summary of GDPR and Information Governance
Risk & Penalties Mitigation
Risk based approach to data protection; Principle driven; Extra territoriality; Fines as % of Global turnover; Increased Penalties
Core principles
1. lawfulness, fairness and transparency
2. purpose limitation
3. data minimisation
4. accuracy
5. storage limitation
6. integrity and confidentiality
7. accountability
Data Management
Mitigating factors
https://castlebridge.ie/blog/2016/01/26/our-most-requested-slide-2014-2015

Summary of GDPR and Information Governance
Respect privacy

Summary of GDPR and Information Governance
Core principles
1. lawfulness, fairness and transparency
2. purpose limitation
3. data minimisation
4. accuracy
5. storage limitation
6. integrity and confidentiality
7. accountability
Data Management
Data protection officer; Documentation; Evidence of effectiveness; Privacy by design
Oversee & Govern; Plan & Build; Do & Manage; Engage & Respond
Respect privacy
https://castlebridge.ie/blog/2016/01/26/our-most-requested-slide-2014-2015

Summary of GDPR and Information Governance
Risk & Penalties Mitigation
Risk based approach to data protection; Principle driven; Extra territoriality; Fines as % of Global turnover; Increased Penalties
Core principles
1. lawfulness, fairness and transparency
2. purpose limitation
3. data minimisation
4. accuracy
5. storage limitation
6. integrity and confidentiality
7. accountability
Explicit focus on Data Management
Data protection officer; Documentation; Evidence of effectiveness
Oversee & Govern; Plan & Build; Do & Manage
Mitigating factors
Privacy by design
Engage & Respond
Respect privacy

In conclusion
- Data is a company asset that needs to be managed
- Do not underestimate the complexity of managing data
- A lot of different types of formats and media
- A complex ecosystem
- The challenge of managing the full data lifecycle
- Data Management Frameworks can help you in this journey
- Data Management requires an enterprise perspective
- GDPR is a fantastic opportunity to improve the data management in your company

ac@ictc.eu

References
- http://dama-phoenix.org/wp-content/uploads/2015/09/dama-phoenix-dmbok2.pdf
- https://castlebridge.ie/blog/2016/01/26/our-most-requested-slide-2014-2015
- https://www.slideshare.net/jamserra/building-an-effectivedatawarehousearchitecturewithhadoop
- https://www.i-scoop.eu/information-management/
- https://www.slideshare.net/damaireland/dama-ireland-gdpr?qid=8482d85b-37de-48c4-8637-dc38047f3496&v=&b=&from_search=12