Findability Day 2016 - What is GDPR?

Apr 15, 2017

Data & Analytics

Findwise
Transcript
Page 1: Findability Day 2016 - What is GDPR?
Page 2

gregorycampbell

IBM

Page 3

© IBM Corporation 2016

October 2016

These presentations are intended to provide friendly and helpful advice only, not a definitive statement of law

General Data Protection Regulation
Findability Day

Maria Sunnefors – Findability Business Consultant, Findwise

Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics

Page 4

Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics

Maria Sunnefors – Findability Business Consultant, Findwise

General Data Protection Regulation
Findability Day

Page 5

General Data Protection Regulation: Background and Overview

Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics

Page 6

The General Data Protection Regulation (GDPR) was published in the Official Journal of the EU on 4 May 2016 and, after a two-year transition period, applies from 25 May 2018. It applies to any organisation established in the EU, and to organisations outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU.

Introduces cross-industry breach notification: to the supervisory authority within 72 hours of becoming aware of a breach, and to the affected individuals without undue delay where the breach is likely to result in a high risk to them, with the associated risk of severe reputational harm.

Non-compliance has the potential to lead to huge fines of up to €20m or 4% of total annual worldwide turnover, whichever is higher, so now is the time to build on the foundations you already have to ensure you Protect, Govern and Know Your Data.

The General Data Protection Regulation (GDPR) applies from 25 May 2018

Page 7

General Data Protection Regulation: Technical Preparedness

Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics

Page 8

GDPR Technical Preparedness: Key Duties, Obligations & Sanctions

(Diagram: a wheel of nine areas: Archiving; Legal; Curation Records & Retention; Administrative Fines for Non-Compliance; Rights of EU Data Subjects; Security of Personal Data; Lawfulness and Consent; Accountability of Compliance; By Design and By Default.)

Page 9

GDPR Technical Preparedness: Key Duties, Obligations & Sanctions

(Diagram: the same nine-area wheel as on Page 8, with each area expanded below.)

Rights of EU Data Subjects
• Enhanced rights for data subjects in the EU, including erasure, access and portability
• Maintain data quality: amend, manipulate, erase and export personal data into usable formats, in both structured and unstructured environments

Security of Personal Data
• Ensure a level of security appropriate to the risk, including breach notification to the supervisory authority within 72 hours
• Implement pervasive and intelligent internal and external network defences and access restrictions to reduce data risk, including data minimisation, pseudonymisation and encryption techniques

Lawfulness and Consent
• Processing is lawful only on one of the Article 6 bases: consent, necessity for a contract, a legal obligation, protection of vital interests, a task in the public interest or official authority, or legitimate interests
• Keep data subjects informed and handle their requests in a transparent, efficient and effective manner, and consider appointing a Data Protection Officer (DPO)

Accountability of Compliance
• The need to demonstrate compliance with the principles relating to personal data processing pervades the GDPR
• Consider how compliance can be proven, including data protection impact assessments, codes of conduct and proactive certification

By Design and By Default
• Data controllers must implement technical and organisational measures which demonstrate compliance with the GDPR's core principles
• Plan for this in the long term, e.g. instrument and manage data syndication and data lineage

Administrative Fines for Non-Compliance
• Regulators can impose administrative fines of up to €20m or 4% of total annual worldwide turnover, whichever is higher
• Additional powers are also or alternatively available to regulators, including access to data and premises, and auditing
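The "Security of Personal Data" item above names pseudonymisation as a risk-reduction technique, and the deck's own pattern list includes a YYMMDD date of birth. The following is an added example, not code from the IBM or Findwise presenters: it shows why an unkeyed hash of such a low-entropy value is not a pseudonym (the whole input space is enumerated in a fraction of a second) and what a keyed HMAC pseudonym looks like instead. The date of birth, the 100-year candidate span and the wrong-key guess are constructed assumptions for the demonstration.

```python
"""Pseudonymisation: unkeyed hash vs keyed HMAC.

Added example, not from the IBM/Findwise deck.  Hashing a guessable
identifier (a YYMMDD date of birth) with plain SHA-256 is reversible
by enumeration; an HMAC under a secret key held apart from the data
gives a linkable but non-reversible pseudonym to anyone without the key.
"""
import hashlib
import hmac
import secrets
from datetime import date, timedelta
from typing import Callable, Iterator, Optional


def candidate_dobs(start: date = date(1920, 1, 1), years: int = 100) -> Iterator[str]:
    """Every distinct YYMMDD string exactly once: any 100 consecutive
    years cover them all (1920-2019 is an assumption, not a fact
    about any dataset)."""
    end = date(start.year + years, 1, 1)
    d = start
    while d < end:
        yield d.strftime("%y%m%d")
        d += timedelta(days=1)


def naive_pseudonym(value: str) -> str:
    """Unkeyed SHA-256: looks random, but is a public deterministic
    function of a small input space, so it can be reversed by trial."""
    return hashlib.sha256(value.encode()).hexdigest()


def keyed_pseudonym(value: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key.  Same input -> same output, so
    records can still be joined; without the key the mapping cannot
    be rebuilt by enumeration."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def recover_dob(target: str, pseudonymise: Callable[[str], str]) -> Optional[str]:
    """Dictionary attack: apply the attacker's view of the pseudonym
    function to every plausible date and compare with the stored value."""
    for dob in candidate_dobs():
        if hmac.compare_digest(pseudonymise(dob), target):
            return dob
    return None


def demo() -> dict:
    dob = "850412"                  # constructed sample value
    key = secrets.token_bytes(32)   # in practice stored outside the dataset
    naive = naive_pseudonym(dob)
    keyed = keyed_pseudonym(dob, key)
    return {
        # the unkeyed hash falls to ~36k guesses
        "naive_recovered": recover_dob(naive, naive_pseudonym),
        # the attacker holds the data but not the key: plain hashing...
        "keyed_recovered_without_key": recover_dob(keyed, naive_pseudonym),
        # ...or a guessed key (b"guess" is an assumed wrong key) gets nothing
        "keyed_recovered_wrong_key": recover_dob(
            keyed, lambda v: keyed_pseudonym(v, b"guess")),
        # the key holder still gets a stable value for linking records
        "keyed_is_linkable": keyed_pseudonym(dob, key) == keyed,
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: pseudonymised data is still personal data under the GDPR, because whoever holds the key can re-identify it, so the key needs its own access control and retention decision; and using one key per purpose or dataset stops pseudonyms from being joined across systems they were never meant to link.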

Page 10

General Data Protection Regulation: Architectural Preparedness

Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics

Page 11

GDPR Architectural Preparedness: Broad Requirements & Broad Capabilities

(Diagram: the five broad requirements, Lawfulness and Consent, By Design and By Default, Rights of EU Data Subjects, Accountability of Compliance and Security of Personal Data, mapped against the nine-area wheel from Page 8.)

Page 12

GDPR Architectural Preparedness: Solution Framework

Dynamic Policy Management: define what, why and how long

Data Infrastructure: control use, align cost to value

Implementation Services: distribute policies to data sources

Data Management sources covered: Email Servers; User Devices & File Shares; ECM & Collaboration; Archive Platform; Master Data; Cloud & Social; Databases & Data Warehouse; Hadoop Platform

Requirements addressed: Lawfulness and Consent; By Design and By Default; Rights of EU Data Subjects; Accountability of Compliance; Security of Personal Data

Cross-cutting layers: Policies, Rules, Audit, Processes, Analyses; Security & Compliance Monitoring

Page 13

GDPR Architectural Preparedness: Solution Framework – IBM Technology

(The same solution framework diagram as Page 12, annotated with the IBM products mapped onto it: IBM Case Manager, InfoSphere, IBM Atlas and Optim.)

Page 14

General Data Protection Regulation: First Steps

Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics

Page 15

First Steps Towards GDPR Preparedness

• Decide on your strategy and achieve board-level endorsement
• Identify and assess key areas of risk by means of an appropriate assessment
• Data mapping
• Data and data source discovery, including:
  • Identification of sensitive data
  • Assessment of information handling procedures

Page 16

General Data Protection Regulation: Content Inventory

Maria Sunnefors – Findability Business Consultant, Findwise

Page 17

Content Inventory: What is where?

Page 18

Page 19

Content Inventory: What is where?

Phase 1: Scoping. Patterns and sources.

Phase 2: Discovery. Explore.

Phase 3: Analysis. Compliance?

Page 20

Phase 1: Scoping. Where to look and what to look for?

1. Identify source and content owners.
2. Identify and prioritize sources.
3. Identify patterns to look for.

Page 21

Phase 1: Scoping. Where to look and what to look for?

Pattern templates:

Social security number: aaa-gg-ssss
Name: Aaaaa Aaaaaaa
Phone numbers: 0xx - xxxx xx xx, 0xxx xx xx xx
IP address: nnn.nnn.nnn.nnn (IPv4 dotted decimal, each field 0-255)
Date of birth: YYMMDD
E-mail address: local-part@domain

Page 22

Phase 2: Discovery. What is where?

Pipeline: index → search → display

Page 23

Phase 2: Discovery. What is where?

Page 24

Phase 3: Analysis

• Source by source
• Explicit consent?
• Processes and routines
• Legal advice
• Risk and compliance
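The three phases (scoping patterns and sources, discovering what is where, then analysing source by source) as a single runnable flow. This is an added example, not the Findwise Content Inventory tooling shown on the slides: it turns the Page 21 templates into regular expressions (the US-style SSN, Swedish-style phone and YYMMDD formats are assumptions), validates candidates so that a six-digit build number or an impossible IP address is not counted as personal data, and records only counts and masked samples so the inventory does not itself become another copy of the data it found. The four sources and their contents are constructed sample text.

```python
"""Pattern-based content inventory: scoping -> discovery -> analysis.

Added example, not the Findwise Content Inventory product.  Regexes for
the deck's pattern classes run over constructed sample sources; hits
are validated and only counts plus masked samples are kept.
"""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Tuple

# Phase 1 (scoping): what to look for.  Formats are assumptions that
# follow the slide's templates: US-style SSN, Swedish-style phone, YYMMDD.
PATTERNS = {
    "ssn":   re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b0\d{1,3}\s?-?\s?\d{2,3}\s?\d{2}\s?\d{2}\b"),
    "ipv4":  re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "dob":   re.compile(r"\b\d{6}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

# Constructed sample sources standing in for a file share, a mailbox,
# a database export and a wiki; none of this is real data.
SOURCES = {
    "fileshare://hr/onboarding.txt":
        "New hire Anna Andersson, born 850412, phone 070-123 45 67, "
        "contact anna.andersson@example.com before day one.",
    "mail://support/ticket-4411":
        "Customer at 203.0.113.7 cannot log in; callback 08-123 45 67",
    "db://crm/export.csv":
        "id,ssn,email\n1,123-45-6789,bob@example.org\n2,987-65-4321,carol@example.net",
    "wiki://eng/runbook":
        "Rotate keys every 90 days; build 202301 is live at 10.0.0.256.",
}


def is_valid(kind: str, value: str) -> bool:
    """Reject regex matches that cannot be the thing they look like:
    octets above 255, six-digit strings that are not calendar dates."""
    if kind == "ipv4":
        return all(int(octet) <= 255 for octet in value.split("."))
    if kind == "dob":
        try:
            datetime.strptime(value, "%y%m%d")
            return True
        except ValueError:
            return False
    return True


def mask(value: str) -> str:
    """Keep two leading characters so an analyst can recognise the hit
    without the inventory storing the personal data itself."""
    return value[:2] + "*" * (len(value) - 2)


def scan_source(text: str) -> Tuple[Counter, Dict[str, str]]:
    """Phase 2 (discovery) for one source: validated hit counts per
    pattern class plus one masked sample per class."""
    hits: Counter = Counter()
    samples: Dict[str, str] = {}
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            value = m.group(0)
            if is_valid(kind, value):
                hits[kind] += 1
                samples.setdefault(kind, mask(value))
    return hits, samples


def build_inventory(sources: Dict[str, str]) -> Dict[str, Tuple[Counter, Dict[str, str]]]:
    """Index step: run discovery over every source in scope."""
    return {name: scan_source(text) for name, text in sources.items()}


def prioritise(inventory) -> List[Tuple[str, Dict[str, int]]]:
    """Phase 3 (analysis) starting point: sources ranked by number of
    personal-data hits, so source-by-source review starts where it matters."""
    ranked = sorted(inventory.items(),
                    key=lambda item: sum(item[1][0].values()), reverse=True)
    return [(name, dict(hits)) for name, (hits, _samples) in ranked]


if __name__ == "__main__":
    for name, hits in prioritise(build_inventory(SOURCES)):
        print(f"{name}: {hits or 'no personal data found'}")
```

Run stand-alone it ranks the CRM export first (two SSNs, two e-mail addresses) and the runbook last with no hits, because its six-digit build number fails the date check and 10.0.0.256 fails the octet check. Pattern scanning is only the first pass: names do not match a regex reliably, and every hit still needs the Phase 3 questions (lawful basis, consent, retention) answered by the source owner identified in scoping.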

Page 25

We have to care and act!

• Create awareness
• Know your data
• Data protection is a good thing!
• Allocate resources

Findwise Content Inventory

Page 26

General Data Protection Regulation
Findability Day – Thank You!

Maria Sunnefors – Findability Business Consultant, Findwise

Gregory Campbell – Governance, Regulatory and Legal Consultant, IBM Analytics