Are your data ready for GDPR Compliance? USING A DATA HUB TO PROTECT PERSONAL DATA Track & Trace Capture & Connect Secure & Protect Certify & Curate Publish & Share 2017 Talend 1
Rémi Forest, Solution Engineer. Jean-Michel Franco, Sr Product Mkt Director. 2
Agenda: GDPR and Data Governance: why, and why now? Drawing the Roadmap for GDPR. Setting up the GDPR foundations with a Data Hub. Establishing the 5 pillars for GDPR compliance with MAPR and Talend. What's next on your GDPR journey? 3
Let's talk about personal data. What I want to share: Jean-Michel Franco, X2 years old, passionate about running. Sr Director for Data Governance Products at Talend. 2X experience in data management. Engaged citizen in a data driven world (@jmichel_franco). Want to know more? Ask Google for my Physical/Digital journeys. Ask Garmin for my physical & Experian for my financial health. Ask Amazon for my buying & Waze for my driving behavior. Ask Facebook for my personal & LinkedIn for my professional details. But don't ask my doctor, he has taken the Hippocratic Oath. 4
Beyond GDPR: it's all about Trust and Transparency. Data Leaks, Privacy Violations and Data Flaws. BREAKING NEWS: Last year's privacy fines would be 79 times higher under GDPR. Dieselgate forces German carmakers to rethink their future. Equifax breach exposed data for 143 million consumers. Data Governance is no longer an option. 5
GDPR starts in 220 days: Will you be ready? 4% of global revenue: potential cost of non-compliance. 0.004% of global revenue: budget devoted to data protection. 50% won't meet deadline: the pressure is on IT. Source: European Commission, TeachPrivacy, Gartner 6
GDPR (General Data Protection Regulation) in a nutshell. Protects privacy for individuals. Goes into effect in 2018 (May 25th). Increases the powers of authorities to take action against non-compliant businesses. Tough penalties: fines up to 4% of annual global revenue or €20 million (whichever is greater). Worldwide: the Regulation also applies to non-EU companies that process personal data of individuals in the EU. Broad definition: personal data includes identifiers such as digital/online, genetic, mental, cultural, biometric. Cross-Border Data Transfer: the international transfer of data will continue to be governed under EU GDPR rules. Affirmative Consent: obtaining consent for processing personal data must be clear, context based and must seek an affirmative response. Data Subjects Access Rights: data subjects have the right to be forgotten and erased from records. Users may request a copy of personal data in a portable format. 7
Global Data Privacy is Multi-Dimensional. Multiple subject areas: Customer, Employee, Prospect, Citizen, Vendor. Emerging data types: Internet of Things, Logs, Biometrics. Multiple jurisdictions: EU, Canada, Australia, U.S. Rapidly changing regulations: GDPR, CASL, HIPAA. 8
GDPR Helicopter Positioning: What's Involved. Identify, know and track your personal data. Make sure your Data is compliant. Protect your Data and foster accountability. Unleash your data for the data subject access rights. 9
What does GDPR mean for your Data Management practices? Goal Inventory your personal data Establish policies Protect your data Track and trace consent Engage your workforce Open your data to your data subjects 10
Draw your Roadmap for GDPR Compliance. 1: Assess your Capabilities (Identify gaps; Assess risks; Define priorities and milestones). 2: Build your Personal Data Hub (Know your Data; Reconcile your data; Regain control). 3: Engage Compliance Initiatives (Consent Management; Anonymization; Rights of the data subject). 11
Assess your capabilities With http://talend.gdprevaluation.com/ Connect Fill-up a 20 questionnaire Get your readiness assessment 13
What is expected? Know where to find all the data about every person (customer or employee). Collect and store compliance-related data (e.g. consent status). Control who can access these data. Trace who accessed these data. Make sure you don't lose this data. Meeting all of these requirements in a distributed environment is very challenging, to say the least. 14
The case for a Personal Data Hub. Physical or virtual consolidation of every person's data. Data can be enriched with compliance-related information. Single place to control and trace access. Automatically updated based on legacy source systems. Can be used as data source for new applications. 15
5 pillars for GDPR governance with MAPR & Talend: Manage Data Location, Movement & Portability. Map your Personal Data. Delegate Accountabilities. Build your Data Subject 360. Protect your most Sensitive Data. 16
Create a Data Inventory for Compliance (GDPR articles 4, 9 and 30). Define your Personal Data. Connect them to your data sets. Track & trace across the information chain. 17
Build the 360 view of the data subject. Based on data inventory, consolidate all data in a single place. Document Databases are the perfect tool. Referential integrity is mandatory: avoid manual processes (ETL; Change data capture; Streaming/Real Time). Closing the loop with source system might be needed for rights to be forgotten/rectification. 18
Protect personal data at infrastructure level. Protecting data is a holistic approach. Ensure that no data can be lost. Protect against attacks or errors: MapR Snapshots. Protect against disaster: MapR Remote Replication. Ensure that only authorized people have access to data. Logical access control: ACEs and auditing. Physical access control: in-flight and at-rest encryption. 19
Protect Personal data with Data Masking (Articles 5, 6, 11 and 32). Capture personal footprints in your datasets. Apply Data Masking everywhere. Obfuscate data for analytics. 20
Foster accountability with Talend Data Preparation & Stewardship (Articles 4, 5, 6, 24, 25, 27). Discover datasets and prepare data for integration. Orchestrate collaborative Governance. Certify Data with Self-Service Data Curation. 21
Respect the rights of the data subject (Articles 12, 13, 14, 15, 16, 17, 18, 19, 20, 21). Deliver data on request, in batch mode, or deliver data services, in real time. 22
Manage Data Location Your business is global, so are your data Your governance has to be global too MapR Data Fabric gives you global control over your data 23
Poll #2: Your priorities for compliance? Multiple responses 24
The issue of security is addressed with Talend Data Quality since we process some of our clients' personal data and this data needs to be protected. In addition, Talend Metadata Manager can determine returned ten times faster than before where the data is located, when it is coming from, and where it is going. Air France-KLM aims delight customers with personalized experience, Air France KLM creates a complete 360 view of the customer. Damien Trinité, CRM Big Data Project Manager, Air France KLM Over 80% of lost items 25
MapR + Talend architecture in a nutshell. [Architecture diagram; labels: Actions, Social Media, Search, Medical Info, Banking Info, Other PII; Ingest; Track & Trace, Capture & Connect, Secure & Protect, Certify & Curate, Publish & Share; Native Connectivity for the MapR Platform with Spark & Machine Learning; MapR Data Platform / Converged Data Platform: MapR-FS, MapR-DB, MapR Streams; Data Map; Raise Alerts] 26
What's next in your GDPR journey? Self-assess your readiness: http://talend.gdprevaluation.com/ Learn more on our joint solution: https://mapr.com/resources/maprtalend-gdpr-solution-brief/ Populate your personal data hub. Set accountabilities & orchestrate collaborative data governance. Operationalize GDPR governance (Consent, Data Subject Access Rights, Data Protection and Anonymization). Questions? 27