The new European GDPR privacy regulations will significantly impact data governance for multinational companies worldwide. This presentation introduces GDPR, its implications, and a six step process for compliance. In May of 2018 the European Union’s General Data Protection Regulation (GDPR) will go into effect and the fines associated with non-compliance are significant with as much as 4% of global sales.

1. 1
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Learning Lab
Is Your Organiza.on Ready for the
General Data Protec.on Regula.on?
Jonathan Adams, Research Director
GDPR

2. 2
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Peter
Steiner;
New
Yorker
Magazine;
July
1993

3. 3
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
GDPR
3 Reasons to Care

4. 4
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
1.
Reduce
Costs
Fines
up
to
4%
of
Global
Revenue
*2016
Annual
Revenues

5. 5
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
2.
Increase
Margins
GDPR
Capabili)es
support
digital
transforma)on
goals
and
drive
new
business
models:
• Consumer
Centric
PLM
• Supply
Chain
&
Channel
OpAmizaAon
• Customer
360
programs

6. 6
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
3.
Grow
Revenue
Data
MoneAzaAon
&
New
Revenue
Streams
• Sports
“Wearables”
• Self
Iden)fica)on
at
POI
• Cloud
Based
Services
“Trust”
with
Partners
&
Customers

7. 7
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
The
Clock
is
Ticking…

8. 8
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Defining
GDPR
GDPR
is
a
comprehensive
set
of
privacy
regula)ons
designed
to
protect
data
for
individuals
within
the
European
Union.
ObjecAve:
• Give
individuals
control
of
their
personal
data
• Regulatory
consistency
across
the
EU
Impact:
• Covers
personal
data
collected
in
EU
regardless
of
where
the
data
collector
is
located
• All
US
based
mul)
na)onals
doing
business
with
people
in
Europe
will
be
impacted

9. 9
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
GDPR’s
Impact
on
Companies
Any
business
(foreign
or
domes)c)
engaged
with
individuals
within
the
EU
The
no)on
of
Personally
Iden)fiable
Informa)on
(PII)
is
broadly
defined:
data
that
has
the
poten&al
to
iden)fy
a
person
living
in
Europe
falls
under
the
GDPR
GDPR
applies
“horizontally”
across
the
organiza)on’s
business
components,
and
“ver)cally”
at
all
decision
making
levels.
GDPR
applies
across
the
complete
value
chain.
Organiza)ons
are
obligated
to
verify
the
compliance
of
par)es
with
which
they
do
business.

10. 10
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC

11. 11
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
GDPR
Requires
InterpretaAon
General Data
Protec.on Regula.on

12. 12
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
GDPR
Requires
InterpretaAon
It’s
Comprehensive
&
Tightly
WriVen
• All
personal
informa)on
regardless
of
where
it
came
from
and
how
it
is
used
is
governed
It’s
Principle
Based
• Requires
companies
to
adopt
privacy
principles
at
the
cultural
level
It’s
Compromise
LegislaAon
• GDPR
is
a
piece
of
what
legal
scholars
call
compromise
legisla)on:
a
legisla)ve
text
that
tries
to
sa)sfy
two
starkly
opposed
sides
of
the
data
protec)on
debate
When
InterpretaAon
is
Required,
Best
PracAces
are
CriAcal

13. 13
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
The
Governance
Challenge
Crea)ng
transparent
&
defensible
best
prac)ces
that
address
“principles”

14. 14
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Risk
Management
Accountability
Org
Design
Data
Lineage
Process
Alignment
PII
Cataloging
Interna)onal
Partner
Management
Metadata
Data
Governance
Data
Architecture
Data
Opera)ons
Data
Discovery
Best
Prac)ces
Security
Data
Management
Privacy
Cloud
Services
IoT
The
Governance
Challenge
Mapping
the
best
prac)ces
to
observable
&
measurable
ac)vi)es
across
many
func)onal
areas

15. 15
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
The
4
Core
CapabiliAes
GDPR
requirements
can
be
simplified
by
organizing
around
four
core
capability
areas:
Consulta)on
&
Repor)ng
• Cer)fica)on
• Risk
Management
• Organiza)onal
Alignment
• Data
by
Design
• Risk
Management
• Communica)on
• Remedia)on
• People
• Partners
• Regulators
• OrganizaAon

16. 16
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
1
2
3
4
Forget
Art.
17
Quaran)ne
Art.
18
Package
Art.
20
Fix
Art.
16
Cer)fica)on
Art.
42
Risk
Management
Art.
32
Processor
Compliance
Art.
28
Data
Management
Art.
6,7,9,14
Interna)onal
Art.
27,
44,45,46,47,48,49
Best
Prac)ces
Art.
25,40,42,41,43
Risk
Management
Art.
32,35,36
Accountability
Art.
37,38,39
Consulta)on
Art
36
Best
Prac)ces
Art
40
Consent
Art.
6,7,8,9,10
No)fica)on
Art.
12
Mapping
to
the
RegulaAon

17. 17
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Datum's
Advisory
Services
group
leverages
our
proprietary
data
governance
model
Capture
Key
governance
components
and
structure
the
governance
opera)ng
model
to
transparently
and
defensibly
achieve
GDPR
compliance
DATUM’s
InformaAon
Value
Management®
How
DATUM
Can
Help
DATUM’s
GDPR
Readiness
Assessment
&
Roadmap
DATUM’s
Informa)on
Value
Management®
sojware
plakorm
allows
you
to
implement
this
governance
opera)ng
model
throughout
the
organiza)on
by
discovering,
understanding
and
connec)ng
the
cri)cal
data
to
important
business
value
drivers.
Informa)on
Value
Management®
also
comes
with
a
library
of
resources
that
help
jump
start
customers’
GDPR
ini)a)ves.

18. 18
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Where
to
Start:
3
QuesAons
3
2
Can
I
catalog
my
GDPR
related
data?
Do
I
know
where
and
how
it
is
used?
Do
I
have
a
governance
process
with
observable
and
measurable
controls?
1

19. 19
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
1.
Can
I
Catalog
my
GDPR
Related
Data?

20. 20
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Knowing
what
PII
you
have
and
how
it
is
organized
is
founda)onal
Can
I
catalog
my
GDPR
related
data?
• If
asked
what
is
GDPR
PII,
can
a
data
dic)onary
be
produced?
• Is
it
detailed
enough
to
apply
governance?
If
the
Answer
is
No…
• If
I
you
don’t
know
where
it
is,
you
I
can’t
apply
any
sort
of
governance
1.
Can
I
Catalog
my
GDPR
Related
Data?

21. 21
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Who
is
in
charge?
Why
is
this
informaAon
valuable?
And
what
is
the
impact
of
a
privacy
breach?
2.
Where
Is
It
and
How
Is
It
Used

22. 22
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
2
Do
I
know
where,
how
and
who
uses
it?
• What
business
processes
use
GDPR
PII?
• Why
do
they
need
PII?
• How
cri)cal
is
the
PII?
Accountability
is
Key
• I
cannot
fix
things
if
no
one
is
accountable!
• Understanding
value
and
impact
priori)zes
resources
2.
Where
Is
It
and
How
Is
It
Used

23. 23
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
3.
Do
I
have
a
Governance
Process?
2
Do
I
have
a
governance
process
with
observable
and
measurable
controls?
Demonstrable
due
diligence
Governance
from
policy
to
data
mi)gates
risk
How
do
I
make
engaging
with
regulators
a
posi)ve
experience?

24. 24
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
The
IVM
demonstraAon
drills
down
on
these
three
foundaAonal
uses
cases
Can
I
catalog
my
GDPR
related
data?
• If
asked
what
is
GDPR
PII,
can
a
data
dic)onary
be
produced?
• Is
it
detailed
enough
to
apply
governance?
Do
I
know
where,
how
and
by
whom
it
is
used?
• What
business
processes
use
GDPR
PII?
• Why
do
they
need
PII?
• How
cri)cal
is
the
PII?
Do
I
have
a
governance
process
with
observable
and
measurable
controls?
It
all
starts
here…
If
I
do
not
know
where
it
is
I
cannot
apply
any
sort
of
governance
Accountability
is
key
• I
cannot
fix
things
if
no
one
is
accountable!
• Understanding
value
and
impact
priori)zes
resources
Demonstrable
due
diligence
Governance
from
policy
to
data
mi)gates
risk
3
2
1

25. 25
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Datum's
Advisory
Services
group
leverages
our
proprietary
data
governance
model
Capture
Key
governance
components
and
structure
the
governance
opera)ng
model
to
transparently
and
defensibly
achieve
GDPR
compliance
DATUM’s
InformaAon
Value
Management®
How
DATUM
Can
Help
DATUM’s
GDPR
Readiness
Assessment
&
Roadmap
DATUM’s
Informa)on
Value
Management®
sojware
plakorm
allows
you
to
implement
this
governance
opera)ng
model
throughout
the
organiza)on
by
discovering,
understanding
and
connec)ng
the
cri)cal
data
to
important
business
value
drivers.
Informa)on
Value
Management®
also
comes
with
a
library
of
resources
that
help
jump
start
customers’
GDPR
ini)a)ves.

26. 26
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC
Right
Data.
Right
Decisions.
Right
Now.
• Discover
and
understand
the
data
available
to
your
company
• Connect
that
data
to
the
most
important
business
value
drivers
-­‐
opera)ons,
analy)cs
and
compliance
• Clearly
measure
the
impact
data
has
on
corporate
ini)a)ves

27. 27
Confiden)al
and
Proprietary.
All
rights
reserved
Copyright©
2016.
DATUM
LLC