
GDPR: Is Your Organization Ready for the General Data Protection Regulation?

The new European GDPR privacy regulations will significantly impact data governance for multinational companies worldwide. This presentation introduces GDPR, its implications, and a six-step process for compliance. In May 2018 the European Union’s General Data Protection Regulation (GDPR) will go into effect, and the fines associated with non-compliance are significant: as much as 4% of global sales.

  1. Confidential and Proprietary. All rights reserved. Copyright© 2016 DATUM LLC. Learning Lab. GDPR: Is Your Organization Ready for the General Data Protection Regulation? Jonathan Adams, Research Director
  2. Peter Steiner; New Yorker Magazine; July 1993
  3. GDPR: 3 Reasons to Care
  4. 1. Reduce Costs. Fines up to 4% of Global Revenue (*2016 Annual Revenues)
  5. 2. Increase Margins. GDPR capabilities support digital transformation goals and drive new business models:
    • Consumer Centric PLM
    • Supply Chain & Channel Optimization
    • Customer 360 programs
  6. 3. Grow Revenue. Data Monetization & New Revenue Streams:
    • Sports “Wearables”
    • Self Identification at POI
    • Cloud Based Services
    “Trust” with Partners & Customers
  7. The Clock is Ticking…
  8. Defining GDPR. GDPR is a comprehensive set of privacy regulations designed to protect data for individuals within the European Union.
    Objective:
    • Give individuals control of their personal data
    • Regulatory consistency across the EU
    Impact:
    • Covers personal data collected in the EU regardless of where the data collector is located
    • All US-based multinationals doing business with people in Europe will be impacted
  9. GDPR’s Impact on Companies
    Any business (foreign or domestic) engaged with individuals within the EU.
    The notion of Personally Identifiable Information (PII) is broadly defined: data that has the potential to identify a person living in Europe falls under the GDPR.
    GDPR applies “horizontally” across the organization’s business components, and “vertically” at all decision-making levels.
    GDPR applies across the complete value chain. Organizations are obligated to verify the compliance of parties with which they do business.
  10. (slide with no text)
  11. GDPR Requires Interpretation. General Data Protection Regulation
  12. GDPR Requires Interpretation
    It’s Comprehensive & Tightly Written
    • All personal information, regardless of where it came from and how it is used, is governed
    It’s Principle Based
    • Requires companies to adopt privacy principles at the cultural level
    It’s Compromise Legislation
    • GDPR is a piece of what legal scholars call compromise legislation: a legislative text that tries to satisfy two starkly opposed sides of the data protection debate
    When Interpretation is Required, Best Practices are Critical
  13. The Governance Challenge: Creating transparent & defensible best practices that address “principles”
  14. The Governance Challenge: Mapping the best practices to observable & measurable activities across many functional areas. Functional areas shown: Risk Management, Accountability, Org Design, Data Lineage, Process Alignment, PII Cataloging, International Partner Management, Metadata, Data Governance, Data Architecture, Data Operations, Data Discovery, Best Practices, Security, Data Management, Privacy, Cloud Services, IoT
  15. The 4 Core Capabilities. GDPR requirements can be simplified by organizing around four core capability areas:
    Consultation & Reporting
    • Certification
    • Risk Management
    • Organizational Alignment
    • Data by Design
    • Risk Management
    • Communication
    • Remediation
    • People
    • Partners
    • Regulators
    • Organization
  16. Mapping to the Regulation (capability areas 1–4)
    • Forget: Art. 17
    • Quarantine: Art. 18
    • Package: Art. 20
    • Fix: Art. 16
    • Certification: Art. 42
    • Risk Management: Art. 32
    • Processor Compliance: Art. 28
    • Data Management: Art. 6, 7, 9, 14
    • International: Art. 27, 44, 45, 46, 47, 48, 49
    • Best Practices: Art. 25, 40, 42, 41, 43
    • Risk Management: Art. 32, 35, 36
    • Accountability: Art. 37, 38, 39
    • Consultation: Art. 36
    • Best Practices: Art. 40
    • Consent: Art. 6, 7, 8, 9, 10
    • Notification: Art. 12
  17. How DATUM Can Help
    DATUM’s GDPR Readiness Assessment & Roadmap: Datum’s Advisory Services group leverages our proprietary data governance model to capture key governance components and structure the governance operating model to transparently and defensibly achieve GDPR compliance.
    DATUM’s Information Value Management®: DATUM’s Information Value Management® software platform allows you to implement this governance operating model throughout the organization by discovering, understanding and connecting the critical data to important business value drivers. Information Value Management® also comes with a library of resources that help jump-start customers’ GDPR initiatives.
  18. Where to Start: 3 Questions
    1. Can I catalog my GDPR related data?
    2. Do I know where and how it is used?
    3. Do I have a governance process with observable and measurable controls?
  19. 1. Can I Catalog my GDPR Related Data?
  20. 1. Can I Catalog my GDPR Related Data? Knowing what PII you have and how it is organized is foundational.
    Can I catalog my GDPR related data?
    • If asked what is GDPR PII, can a data dictionary be produced?
    • Is it detailed enough to apply governance?
    If the Answer is No…
    • If you don’t know where it is, you can’t apply any sort of governance
  21. 2. Where Is It and How Is It Used? Who is in charge? Why is this information valuable? And what is the impact of a privacy breach?
  22. 2. Where Is It and How Is It Used?
    Do I know where, how and who uses it?
    • What business processes use GDPR PII?
    • Why do they need PII?
    • How critical is the PII?
    Accountability is Key
    • I cannot fix things if no one is accountable!
    • Understanding value and impact prioritizes resources
  23. 3. Do I have a Governance Process?
    Do I have a governance process with observable and measurable controls?
    • Demonstrable due diligence
    • Governance from policy to data mitigates risk
    How do I make engaging with regulators a positive experience?
  24. The IVM demonstration drills down on these three foundational use cases
    1. Can I catalog my GDPR related data?
    • If asked what is GDPR PII, can a data dictionary be produced?
    • Is it detailed enough to apply governance?
    It all starts here… If I do not know where it is I cannot apply any sort of governance.
    2. Do I know where, how and by whom it is used?
    • What business processes use GDPR PII?
    • Why do they need PII?
    • How critical is the PII?
    Accountability is key
    • I cannot fix things if no one is accountable!
    • Understanding value and impact prioritizes resources
    3. Do I have a governance process with observable and measurable controls?
    • Demonstrable due diligence
    • Governance from policy to data mitigates risk
  25. How DATUM Can Help (same content as slide 17)
  26. Right Data. Right Decisions. Right Now.
    • Discover and understand the data available to your company
    • Connect that data to the most important business value drivers: operations, analytics and compliance
    • Clearly measure the impact data has on corporate initiatives
  27. (slide with no text)

Editor’s notes

  • How the 4% Revenue fine would impact some of the USA’s largest companies
  • Between now and May of 2018, companies must understand where they have compliance risk, execute a plan to address that risk, and organize risk management to engage effectively with regulators.
  • Who’s in charge of what? Offensive line is responsible for identifying what the defense is doing in order to protect the quarterback and move the ball down the field. Each person has a different job.
    Why is this information valuable? i.e. I need to watch the linebacker because if I don’t know what he’s doing, our play could be jeopardized.
    What’s the impact of a privacy breach? – If I let this linebacker through, our quarterback could be sacked.
