Upload File

adaptive - what are companies doing about gdpr...what are companies doing about gdpr? is your...

  • Home
  • Documents
  • Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc
18
What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 Confidential and Restricted. Adaptive, Inc. 2018 1

Upload: others

Post on 19-Aug-2020

4 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

WhatAreCompaniesDoingAboutGDPR?IsYourCompanyReady?

DAMADay-June21,2018

ConfidentialandRestricted.Adaptive,Inc.20181

Page 2: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

TopicsforDiscussion

Copyright©2018Adaptive,Inc.AllRightsReserved. 2

•  HowareorganizationsmeetingGDPRrequirements?

•  Whatarethechallenges?Whyisithardandexpensive?

•  Applyinglessonslearned:ApracticalimplementationframeworkformeetingGDPRrequirements

Page 3: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

GDPRInaNutshell

Copyright©2018Adaptive,Inc.AllRightsReserved. 3

Allaboutprotectingcustomerdata,whichmeans:

•  Knowingwhereprotectedclassesofcustomerdataarebeingstored

•  Applyingdataprotectioncontrolsonthem

•  Usingthemonlywhenneeded

•  Keepingthemonlyasneeded

•  Deletingthematrequest

•  Sharingthematrequest

•  Knowingwhentheyaremisused/lost

•  Notifying/respondingwhentheyaremisused/lost

Page 4: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

ProtectedClassesofData

Copyright©2018Adaptive,Inc.AllRightsReserved. 4

•  Basicidentityinformationsuchasname,addressandIDnumbers(PIIorpersonallyidentifiableinformation)

•  Webdatasuchaslocation,IPaddress,cookiedataandRFIDtags

•  Healthandgeneticdata

•  Biometricdata

•  Racialorethnicdata

•  Politicalopinions

•  Sexualorientation

Page 5: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

HowAreCompaniesAddressingGDPR

Copyright©2018Adaptive,Inc.AllRightsReserved. 5

ARiskandControlsFrameworkforGDPRReadiness

!  HiringKeyCorporateOfficers!  InventoryingDataProcessors!  UpdatingPrivacyPolicies!  RevisingDataProtectionContracts

withSuppliers

!  UpgradingIncidentResponseProcedures

Policy&GovernanceControls

DataControls

!  IdentifyingSourcesofProtectedData

!  MappingSourcestoBusinessFunctions/UsesofData

!  ImplementingTechnicalProtectionControlsatSourcesbasedonDataUsage/Function

Page 6: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

Policy&GovernanceControls

Copyright©2018Adaptive,Inc.AllRightsReserved. 6

HiringtheRightOfficers1.  HaveyouformalizedthetitlesforDataControllerandDataPrivacyOfficer?

2.  Havetheybeenstaffed?

3.  Aretheirresponsibilitiesandorganizationalstructuresclear?

InventoryingDataProcessors

1.  AreallDataProcessorswithinacompanyidentified?o  Impliesthatweknowwherecustomerdataisstoredthroughouttheenterprise,

andallBusinessandITowners(in-sourcedoroutsourced)areidentified

Page 7: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

Policy&GovernanceControls

Copyright©2018Adaptive,Inc.AllRightsReserved. 7

UpdatingPrivacyPolicies1.  DoesitprovidetheidentityandcontactinformationoftheDataPrivacyOfficer?

2.  Doesitdescribethepurposeforstoringcustomerdata,andhowitwillbeused?

o  CRITICAL:Purposesandusesneedtobelinkedtobusinessfunctionsandoperations

3.  Doesitdescribewhatcategoriesofpersonaldataarebeingcollected?o  CRITICAL:CategoriesneedtobelinkedtoBusinessGlossaries/DataDictionaries

4.  Doesitdescribewhodataisbeingsharedwith?5.  Doesitdescribehowlongdatawillbemaintained(andhowthiswasdetermined)?

6.  Doesitlayoutthecustomer’srights(tobeforgotten,tolodgecomplaints)?

7.  Doesitdescribewhathappensifthereisabreachandwhattheconsequencesofnon-complianceare?

Page 8: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

Policy&GovernanceControls

Copyright©2018Adaptive,Inc.AllRightsReserved. 8

RevisingDataProtectionContractswithSuppliers1.  RevisitingwhointheDataProcessors’orgcanaccesscustomerdata

2.  Revisitingincidentnotificationresponsibilities

3.  Revisitingliabilityclaimsandinsurancerequirementso  Thisistypicallythemostchallengingarea

UpgradingIncidentResponseProcedures

1.  Canyoumeetthe72-hourtimingwindowtonotifyclientsofbreachormisuseofdata?o  Impliesstrongdataleakageandsecurityeventmonitoringtechnicalcontrolsforall

sourcesofprotecteddatawithinallDataProcessorso  Impliescomprehensivecustomernotification/escalationcapabilities

Page 9: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

DataControls

Copyright©2018Adaptive,Inc.AllRightsReserved. 9

IdentifyingSourcesofProtectedData1.  HaveyoudefinedProtectedDataintoCriticalDataElements(CDEs)inyour

DataDictionary?

2.  HaveyouinventoriedallSourcesofCDEsfronttoback–mappingbusinessappstodataclasses(logicaltophysical)?

ProtectedDataClass CriticalDataElement(CDE)

IdentityInformation •  FirstName•  LastName•  HomeorPhysicalmailingaddress•  …

WebData •  IPaddress•  MACaddress•  WebsiteURL•  …

HealthandGeneticData •  Prescription•  MedicalID/recordnumber•  AdmitDate•  …

Page 10: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

DataControls

Copyright©2018Adaptive,Inc.AllRightsReserved. 10

MappingSourcestoBusinessFunctions/UsesofData1.  HaveyoudefinedaFunctionalTaxonomy(functionmodel),whichmapsto

theusesofdata?

2.  HaveyoumappedSourcesofdata(businessapps)tofunctions?

FunctionalCategory Function

SalesandMarketing •  MarketResearch•  AdvertisingandPromotion•  NewCustomerAcquisition•  …

CustomerLifecycleManagement

•  OnboardingandKYC•  CustomerRelationshipManagement•  CustomerSupport•  …

ProductManagement •  ProductSelectionandPromotion•  ProductStrategy•  NewProductDevelopment•  …

Page 11: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

DataControls

Copyright©2018Adaptive,Inc.AllRightsReserved. 11

ImplementingTechnicalProtectionControls1.  Encryption(inflight,atrest)

2.  Accesscontrol(authentication,authorization)

3.  ArchivalandRetention(informationlifecyclemanagement)

4.  Deletion(forindividualrecordsanddatabasevalues)

5.  Distribution/Sharing

6.  Monitoring/IncidentDetection(leakage,securityevent)

7.  Escalation(notification,communication)

Goalistomapcontroltypestofunctions,dataandsystemsinordertomeasurecompliance

Page 12: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

WhataretheEmergingBestPractices?

Copyright©2018Adaptive,Inc.AllRightsReserved. 12

•  Eitherinvestinmodelingcontrols,functionsanddatarelationships

•  Or,investinKnowledgeGraphsorsemanticontologies(e.g.,FIBO,RDF,commercialmodels)

ReusableSimpleEnterpriseModels

AutomatedHarvesting

•  Adaptorstobuildinventoriesofdataandmeta-dataacrossecosystemofbusinessapps

•  Inferenceenginesandmachinelearningclassificationmodelsthatmapdatafrombusinessappstosemanticmodels

Page 13: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

HowMuchInvestmentisRequired?

Copyright©2018Adaptive,Inc.AllRightsReserved. 13

Page 14: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

HowMuchInvestmentisRequired?

Copyright©2018Adaptive,Inc.AllRightsReserved. 14

Page 15: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

WhatAretheKeyChallenges?

Copyright©2018Adaptive,Inc.AllRightsReserved. 15

1.  IdentifyinglistofDataProcessors,andrenegotiatingliabilityandinsuranceclausesrelatedtomanagementofcustomerinformation

2.  Modelingofbusinessfunctions,dataclassesandrequiredcontrols

3.  Comprehensiveidentificationofin-scopesystems

4.  Implementationofadequatetechnicaldataprotectioncontrolswithinin-scopesystems–especiallyforCustomerRighttoForget

Page 16: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

APathForward

Copyright©2018Adaptive,Inc.AllRightsReserved. 16

Data Governance Policy Management

Policy Requirements

Policy Controls

Required Evidence

Control Rating Self Assessment

Action / Remediation

Plan

Enterprise Data Management Model

Data Controls

Required Evidence

Control Rating Self Assessment

Action / Remediation

Plan

Enterprise Function Model

Business Information Model

Critical Data Elements

Business Rules

Identification of Golden Source

Data Quality Monitoring

Data Lineage Management

Data Issues Management

Mappings to Business

Applications

TheAdaptiveData“BankinaBox”Meta-Model

Page 17: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

Adaptive“BankinaBox”

Copyright©2018Adaptive,Inc.AllRightsReserved. 17

•  DataGovernanceinaBox,fortheBankingindustry

•  ComeswithDataManagementpoliciespre-definedforthemostsignificantregulations

•  ComeswithdefinitionsofBankingbusinessfunctions,informationanddatamodels,andinsightandknowledgeofwhichfunctionscreateandconsumedata

•  Comeswithpre-defineddescriptionsofCriticalDataElementsforregulatoryfunctions,aswellasthecorebusinessandtechnicalrulesrequiredtoattesttotheirquality

Page 18: Adaptive - What Are Companies Doing About GDPR...What Are Companies Doing About GDPR? Is Your Company Ready? DAMA Day - June 21, 2018 1 Confidential and Restricted. Adaptive, Inc

Thankyou.JeffGoins

[email protected]

ConfidentialandRestricted.Adaptive,Inc.2018


GDPR & HR infographic - Workday · GDPR & HR GDPR harmonises different EU country data privacy regulations into a single set of regulations GDPR by (some of) the numbers GDPR comes

KIT GDPR – IMPLEMENTARE GDPR · 2019. 5. 25. · ANI DE, Audit de Conformitate GDPR 2.449 LEI Mentenanță conformitate GDPR 1.750 LEI499 LEI Externalizare DPO 1.000 LEI Implementare

GDPR & GDPR - Confindustria Ravenna - Alessandro Rani

The General Data Protection Regulation (GDPR)...The General Data Protection Regulation (GDPR) What it is, what we are doing, and what you can do personal in nature (e.g., social security

How does the General Data Protection Regulation (GDPR) affect … does GDPR affect your business.pdf · • GDPR is intended toharmonize data protection lawacross the EU • GDPR

eginning your General Data Protection Regulation …the GDPR, describes what we are doing to prepare for the GDPR, and shares examples of steps you can take today with Microsoft to

From Open Textbook to Adaptive Learning The Possibilities of Doing More with Open February 2016

GDPR digest - tmaclub.com · ARE YOU GDPR READY? {More than a MORTGAGE CLUB} GDPR digest

GDPR & GDPR - Confindustria Ravenna - Luca Tumidei

GDPR ročného obratu - Zyxeldiscover.zyxel.com/rs/471-TTL-126/images/GDPR... · GDPR Zber a spracovanie údajov v súlade s GDPR • Im daná osoba udelila výslovný súhlas ku

Adaptive Hypermedia: What is it and why are we doing it? Dr. Alexandra Cristea [email protected] acristea

Contents Adobe Experience Cloud and GDPR · Adobe Experience Cloud and GDPR | Implementing the Adobe Experience Cloud GDPR API for streamlined GDPR requests 4 Adobe and data governance

MySQL + GDPR

KIT GDPR – IMPLEMENTARE GDPR€¦ · - Kit Implementare GDPR – 40 documente si sabloane editabile - Kit GDPR Setul de 67 de Politici si Proceduri obligatorii - Kit GDPR Setul

GDPR priručnik Kako se pripremiti za primjenu GDPR-a...GDPR priručnik Procjena – planiranje – implementacija - revizija EVENT HORIZON PRODUKTI – GDPR USKLAĐENOST Event Horizon

Doing Business in Europe? GDPR: What you need to know and do

GDPR & GDPR - Confindustria Ravenna - Avv. Alessandro Cecchetti

e principi fondamentali Tutorial GDPR: Introduzione al GDPR GDPR... · Tutorial GDPR: Introduzione al GDPR e principi fondamentali Avv. Silvio Noce. ... alla normativa di cui al Regolamento

BRITISH MODEL FLYING ASSOCIATION General Data Protection (GDPR…btckstorage.blob.core.windows.net/site11032/GDPR/BMFA... · 2018-05-11 · 5 GDPR 2018 V1.1 12 Steps to GDPR Compliance

GDPR in plain English | Business Data Prospects · 2020. 7. 22. · GDPR in plain English Keywords: GDPR, Business Data Prospects, BDP Agency, GDPR Advice, Advice, GDPR Plain English,

GDPR Best Practices Implementation Guide news items/GDPR... · 2020. 3. 30. · This GDPR Best Practices Guide puts forward a GDPR implementation methodology designed to: • Engage

[GDPR Webinar Slides] Path to GDPR Compliance

BCD Travel’s Response to the EU General Data Protection ... · What is BCD Travel doing to prepare for GDPR? Getting “GDPR ready” may seem a daunting task – but with careful

gdpr: Demanding New Privacy Rights And Obligations · 4 GDPR: demanding new privacy rights and obligations GDPR highlights GDPR impacts Organizations will have only 72 hours to report

GDPR, GDPR, vaan mikä se on se GDPR

SYMPHONY’S GDPR COMPLIANCE STRATEGYs GDPR Compliance Strategy.pdfSYMPHONY’S ROLE UNDER THE GDPR The GDPR distinguishes two roles that organisations can play: controllers and processors

Article GDPR and CCTV in taxiscommittee.worcester.gov.uk/documents/s42568/GDPR and CCTV... · 2018. 9. 4. · GDPR and CCTV in taxis Article GDPR has many implications for local authorities

GDPR 규정준수 준비하기 · 2018. 1. 4. · GDPR 규정준수 GDPR 이란? 준비하기 page 2 GDPR 준비 page 3 목차 주요조항및 비즈니스에미치는영향 page

Roadmap to the GDPR - The Extraterritorial Reach of the GDPR

GDPR: What’s going on? - necsia.esa-Necsia-GDPR-360... · (ISO27001, GDPR, PCI-DSS) GESTIÓN DE RIESGOS Y DE TERCEROS ... Curso básico GDPR ... concienciación en GDPR

gdpr Compliance Checklist - Global Privacy & Security ... · GDPR Compliance Checklist . GDPR Compliance Checklist This GDPR Compliance Checklist sets out the key requirements that

GDPR: практика реализации требовани鈦 · pwc Причины появления gdpr gdpr: практика реализации требований

Jargon buster guide to GDPR - Bitpipedocs.media.bitpipe.com/io_10x/io_102267/item... · Jargon buster guide to GDPR In this e-guide: (GDPR) comes into effect on 25 May 2018. GDPR

GDPR and Public Consultation. Are you ready?nakedlaw.typepad.com/files/gdpr--pc_20180126.pdf · 26/1/2018 · GDPR and Public Consultation The EU GDPR (“General Data Protection

ESSENTIAL GDPR COMPLIANCE - Acumenologyacumenology.co.uk/.../12/ESSENTIAL-GDPR-COMPLIANCE.pdf · 02 Essential GDPR Compliance Roadmap 03 Step-by-step guide to GDPR compliance 04 Maintaining