Understanding my data and getting value from it

Transcription:

Understanding my data and getting value from it
Creating Value With GDPR: Practical Steps
20th February 2017

Gregory Campbell, Governance, Regulatory and Legal Consultant, IBM Analytics, gcampbell@uk.ibm.com
Sol Barron, Information Governance Specialist, IBM Analytics, sol.barron@uk.ibm.com
Simon Knezevic, GDPR Lead Distribution Sector, IBM GBS, simon.knezevic@uk.ibm.com

2017 IBM UK & Ireland

Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. References to GDPR are references to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Understanding My Data: Data Mapping and Data Discovery
- ORGANISATIONAL and TECHNICAL MEASURES
- PROACTIVE vs REACTIVE
- PROACTIVE and REACTIVE
- VALUE
- DATA MAPPING, VALUE, DATA DISCOVERY

Understanding My Data: Data Mapping and Data Discovery, Basic Concepts

DATA MAPPING: Top-down process cataloguing the locations in your organisation where (personal) data and processes exist, together with e.g. their usage and purposes.

DATA DISCOVERY: Bottom-up process, commonly supported by tools, to discover and classify the content of data stores.

What is Data Mapping? GDPR Context
DATA MAPPING
- Recital 82 of Regulation (EU) 2016/679
- Article 30 of Regulation (EU) 2016/679

What is Data Mapping? GDPR Context
GDPR Article 30: Records of Processing Activities (Article 30 of Regulation (EU) 2016/679)
[Diagram labels: controller, processor, regulator, sme, written; who, why, what, where, when, way]

What is Data Mapping? The Challenges
- Interpreting, following and actioning Article 30
- Leveraging the application of data mapping beyond Article 30
- Building on existing data mapping activities to align with GDPR
- Continuing obligation, not a one-time process

What is Data Discovery? How does it relate to and help Data Mapping?
- Methodical and/or targeted review of data stores across the information landscape
- Generally a tools-based approach to understand contents, but can involve manual activity
- Discovery and classification of personal data is an implicit and pervasive requirement of the GDPR

Data Mapping and Data Discovery: GDPR outcomes and beyond
- Support demonstration of records of processing activities to regulators
- Enabler towards master data management (single view of the individual) projects
- Foundational steps towards conforming with the wider GDPR
- and beyond GDPR...

Understand My Data
Protect, govern and know your data: you can't protect and govern what you don't know.
- Finding Personal Data within the petabytes of information across an enterprise is a technical and organisational challenge
- The proliferation of unstructured data makes this even harder
- Tools need to be an essential element of your discovery projects

So What Do You Do?
PREPARE

StoredIQ: Understanding Unstructured Data
Fast discovery of unstructured data across the enterprise, scaling from Terabytes to multiple Petabytes:
- Where the data is
- What the data is
- How big the data is
- What the data is called
- Who created the data
Deep knowledge of the data, many layers of attributes.

StoredIQ: Deeper Analysis
- Open each text file, index its content:
  - Words, Phrases, Names
  - Patterns: National Insurance numbers, credit cards, IDs, etc.
- Classifies content based on user-definable taxonomy
- Auto-Classification: no coding required, uses Natural Language Processing
- Provides additional overlay/filter analysis capability
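
The pattern step described on this slide (finding National Insurance numbers and card numbers in text content) can be illustrated with a short scanner. This is an added example, not StoredIQ code or part of the original slides; the regular expressions, the function names and the sample text are assumptions made for the illustration.

```python
import re

# UK National Insurance number: two prefix letters, six digits, suffix A-D.
# D, F, I, Q, U, V are not used in the prefix, O is not used as the second
# letter, and the prefixes BG, GB, NK, KN, TN, NT, ZZ are not allocated.
NINO_RE = re.compile(
    r"\b(?!BG|GB|NK|KN|TN|NT|ZZ)[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]"
    r"\s?(?:\d{2}\s?){3}[A-D]\b"
)
# Candidate card numbers: 13-19 digits, optionally grouped by space or hyphen.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last 4 characters so the report does not copy the full value."""
    compact = re.sub(r"[ -]", "", value)
    return "*" * (len(compact) - 4) + compact[-4:]


def discover(text: str) -> list[tuple[str, int, str]]:
    """Return (category, offset, masked value) for each hit in text."""
    hits = [("nino", m.start(), mask(m.group())) for m in NINO_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append(("payment_card", m.start(), mask(m.group())))
    return sorted(hits, key=lambda h: h[1])


# Constructed sample document (no real personal data).
SAMPLE = (
    "Payroll note: employee NI number AB 12 34 56 C, ref GB123456A.\n"
    "Card on file 4111 1111 1111 1111; order id 4111 1111 1111 1112.\n"
)

if __name__ == "__main__":
    for category, offset, masked in discover(SAMPLE):
        print(f"{category:13} offset={offset:<4} {masked}")
```

The format and checksum checks are what keep the reference "GB123456A" and the order id out of the results; a bare digit-count pattern would flag both.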

Cataloguing and making Data Mapping and Data Discovery results useable
Results of data mapping and data discovery must be documented. It is necessary to understand:
- The regulations applying to the data
- The purpose
- Type of data
- Ownership and stewardship
- Retention rules
Ease of access, control, maintainability and auditability of this information is necessary to ensure your catalogue remains accurate.
Clipboard and spreadsheet approaches fall short.

Atlas for Data Mapping
Helps you improve information economics and reduce risk by enabling defensible disposal of data debris.
Primary features include:
- A citation database of relevant legislation, regulation and policy
- An organizational, multi-jurisdictional retention file plan for all information types with cross-reference back to the corresponding citation
- A catalogue of data sources (processes, data repositories, applications, etc.)
- Maps all information types to the data sources which utilize them as well as the business units and individuals who own the information
The who, why, what, where, when and way in which you handle your (personal) data.

Understand My Data: Data Mapping and Data Discovery Approach

Phased Implementation Approach

Crawl: Start Small, Start Quickly
- Confirm data mapping and data discovery focus based on business use of personal data and risk-based priority
- Conduct data mapping exercise and maintain an inventory / catalogue manually in spreadsheets or stand-alone tools
- Validation of personal data is conducted by business, system owners and administrators and manually captured

Walk: Expand, Introduce Tooling
- Extend focus of data mapping and discovery beyond initial focus areas
- Utilise centralised tool-based catalogue with audit control and accessibility
- Conduct tool-based data discovery to assess structured and unstructured data sources for potential personal data

Jog: Governance and Integration
- Implement and refine data governance process to incorporate personal data
- Integrate discovery and catalogue tools to ensure discovery to simplified and ongoing maintenance of personal data catalogue

Run: Continuing Accountability
- Full information governance implemented across enterprise to ensure data is controlled and processes in place
- Incorporate master data management for digital personal data, enabling control and audit, and embed as part of information governance
