The document discusses preparing for the General Data Protection Regulation (GDPR) which takes effect in May 2018. It notes that GDPR was enacted to help protect EU citizens' data and introduces greater privacy requirements for organizations. Key points include introducing a risk-based approach to personal information, applying also to non-EU companies, and introducing concepts like "privacy by design" and the "right to be forgotten." It emphasizes that enterprises must start preparing now to be compliant by the May 2018 enforcement date, with fines of up to 4% of revenue for noncompliance.
2. GDPR enacted to help protect EU passengers data from risk
New pan European
Regulation designed to
protect the privacy of EU
citizens
Introduce a Risk based
approach on PII’s data with
Organization and Technical
measure to mitigate risks
Applies also to
companies outside
the EU that deal
with EU citizens’
data
Introduces
requirements of
privacy by design
and the ‘right to be
forgotten’
Enterprises must start
preparing for the
enforcement data of May
2018
The risk of non-compliance
− Fines of up to 4% of parent company annual
revenue (max. 20 million Euros)
− Mandatory breach notification within 72 hours
unless the PII was encrypted
− Revenue at risk
Some exceptions for enterprise
with less than 250 employees
Key changes impacting Enterprises
EU Regulation will apply across borders
Defensible Disposition
A single set of rules and DPA
DPO
Privacy by design/default
Right to be forgotten
Data portability
Greater Compliance Requirement
Data Minimization
Scope Limitation
Limited Storage Period
Binding Corporate Rules
Encryption/Anonimization
Consent Management
4. Como deve ser o gerenciamento eficiente dos dados?
Descubra o que são
Conecte-se aos dados,
onde quer que estejam
Livrar-se das coisas que
você não precisa
Gerencie-os
centralmente ... enquanto
necessário
5. Como deve ser o gerenciamento eficiente dos dados?
Structured Data Manager
For more information on ControlPoint
ControlPoint
Content Manager
For more information on Content Manager
For more information on ControlPoint
For more information on Structured Data Manager
6. ControlPoint includes a list of standard grammars for entity and pattern matching. These can now be easily
extended using the custom grammar functions. A GDPR based sample is provided to show how to extend grammar
entities and patterns.
What’s new in CP 5.5- Custom Grammars
8. SDM Discovery determines the presence
of specific types of data including
personal data and GDPR use cases.
Scans structured data against pre-
defined grammars
- Regular Expressions
- Lists of Terms
- Data Ranges
Open & Extensible
Reviews and creates documentation
8
What’s new in SDM 5.2: discovery
9. SDM Discovery
Grammars
The Grammars tab displays the
individual grammars used to match
specific types of data for Discovery
analysis purposes.
9
10. What’s New in Content Manager 9.2
Over 85 customer enhancements
10
Improvements to support for large scale, multi tenant delivery as a service provides opportunities
for customers to decrease total cost of ownership by leveraging the economy of scale provided by
shared services.
Improved consignment capabilities and document validation allow satisfying many industry
validation standards.
Three Major
Update Themes:
• Improved user
experience with
continued expansion
of document
management
functionality and
search
• Extended cloud
storage support for
SaaS and hybrid IT
deployment
• High-efficiency
indexing option for
lower total cost of
ownership
Enhanced User Experience
Full real-time editing of
Microsoft Office
documents inside of a
browser, Tabbed
viewing allowing users
to easily perform
concurrent tasks
without losing context
& enhanced support for
search and browsing of
hierarchical objects.
Content Disposition
This includes the ability
for disposal
consignments to be
reviewed and approved
using the web client,
expanding the
versatility of the web
client for both desktop
and mobile
applications.
Cloud-Based Storage
Cloud storage support
for both Microsoft
Azure & Amazon S3
environments will
provide Content
Manager clients with
new & secure cloud
storage capabilities.
SharePoint governance
integration now
includes support for MS
Edge browser, replacing
IE default web browser.
SCM Suite Integration
This version includes
deeper support for
Structured Data
Manager with better
search and improved
viewing of structured
data from Content
Manager.
Content Indexing
Version 9.2 introduces
support for Elasticsearch
for document content
indexing. Elasticsearch is
a widely adopted and
supported, open source
search technology.
11. 1. GDPR Technical Roadmap Design
2. Application Retirement
3. Storage Optimisation
4. Structured Personal Data Management
5. Unstructured Personal Data Discovery
6. Content Management
GDPR Use Cases ROM Library – Ready to Go
13. GDPR Technical Roadmap Design
Being able to respond effectively to GDPR requires multiple changes to
how data is managed without impacting on the business.
• Where are the gaps in my current capabilities in terms of people,
skills and technologies?
• Do I have effective control of my data throughout its lifecycle
through to defensible disposal?
• How can I implement change with minimum disruption to the
business?
MICRO FOCUS CAN HELP…
• Identify gaps within your GDPR effectiveness and create a
technology roadmap for change
• Identify opportunities for increased business value and lower costs
through information restructuring
• Validate compliance options through targeted proof of
concept/tooling
• Provide the program, projects, priority and schedule to manage
your information for compliance
BUSINESS CHALLENGE…
Embed compliance within
information management
processes
Tackle the underlying data
structures that make compliance
difficult and lock value into data
silos
Create an effective roadmap
to GDPR effectiveness
15. J2V Strategic Direction
15
2017 2018 2019
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
ExtendedValueLongTermShortTermQuickWins
Personal Data Inventory – unstructured Data
Personal Data Inventory – Structured Data
Centralized Policy Management
Enterprise Records Management
Privacy by Design / by Default
Consent – Purpose Alignment
Data Minimization (Data Collection Limitation – legal check for minimum required data for customers)
Data Consolidation & Logging
Pseudonymisation / data de-identification for analytics / customer profiling
E-mail Security
Application Security Testing (extend
Fortify for online apps)
Security Incident & Event Management
Extend encryption and data masking for remaining applications
Data Processing logs – identification & consolidation
17. GDPR Structured Data Secure Application Retirement Factory
• How can I remove this old unused GDPR risky unencrypted
structured data from production?
• How can I make this retired data occasionally available but also
secure and encrypted?
• How can I formally control the disposal of this data?
MICRO FOCUS CAN HELP…
• Creation of a Legacy application retirement solution ‘factory’ for
many sources
• Quick, low risk relocation of application into encrypted file
storage for secure low cost handling of legacy application data
• Application data can be unretired temporarily for caretaker
reporting through Postgress.
• GDPR Risk is reduced through consolidation, security and
encryption. Costs are reduced by closing legacy application
licenses and staffing.
BUSINESS CHALLENGE…
I have many legacy applications or parts of applications that I want
to remove from production to reduce my GDPR risk footprint. I
cannot immediately delete this data for legal reasons but I need to
secure and encrypt it away from production to lower costs and risk.
Finally I need to retain reduced access to this data for occasional
reporting.
Factory retirement solution
encrypts and secures
unused structured data until
it can be finally destroyed
Reduce GDPR risk though
retirement of unused
structured data required to
be retained for legal reasons
Caretaker reports provide
reduced access to retired
data and policy retention
schedules guarantee
disposal
19. Storage Optimisation
• Data is overwhelming staff and systems – increasing volumes,
formats and sources
• Data is inaccurate and delivers little insight – Redundant, Outdated
and Trivial
• Information footprint is growing exponentially along with
management costs
• Storage is not optimised, data is not always stored according to
value
MICRO FOCUS CAN HELP…
• Consolidate a view of data from multiple locations and
irrespective of data format
• Determine what documents are Trivial, Obsolete or
Redundant based on OOB rule set
• Report on ROT across a range of source systems
• Apply policies to documents to delete it from your systems or
to archive (move) to cheaper storage
• Reduce the overall storage requirement, saving on data
storage and management costs, and improving operational
efficiencies
BUSINESS CHALLENGE…
It is increasingly hard to get value from unstructured enterprise
data:
Our Storage Optimisation service
helps customers identify and
quantify ROT
Automated policies can delete or
archive ROT data, freeing up
storage space and reducing
clutter
Corporate file shares and SharePoint
contains duplicates and otherwise
outdated or trivial document with no
business value (ROT)
21. Structured Personal Data Management
The General Data Protection Regulation asks me to manage personal
data more effectively, but do you know what personal data you are
holding?
• What does personal data means to the organisation?
• Is personal data replicated throughout the organisation or
centralised?
• If a system contains personal data is it personally identifiable?
• Is that personal data regarded as sensitive?
MICRO FOCUS CAN HELP…
• Detect personal data in structured data sources (databases)
• Reference personal data and apply retention rules
• Automatic removal of personal data based on retention triggers
• Manually triggered removal of personal data, e.g. based on a right
to be forgotten request
BUSINESS CHALLENGE…
Detect personal, identifiable
and sensitive information
within application data
Connect to and aggregate
information from across the
enterprise
Decide what actions to take
on personal data and apply
policy automatically
23. Unstructured Personal Data Discovery
• What does personal data means to the organisation?
• Are users taking extracts from databases to use in documentation?
• Are there multiple copies of documents containing personal data?
• If documentation contains personal data is it personally
identifiable?
• Is that personal data regarded as sensitive?
MICRO FOCUS CAN HELP…
• Consolidate a view of data in multiple locations and
irrespective of data format
• Determine what documentation contains personal data
that exposes risk to the business
• Remove Trivial, Obsolete or redundant data, reducing
potential Personal Data sources
• Apply policies to that documentation to remove it from
your systems or to secure it
BUSINESS CHALLENGE…
The General Data Protection Regulation asks me to manage
personal data more effectively, but do you know what personal
data you are holding?
Detect personal, identifiable
and sensitive irrespective of
data format
Connect to and aggregate
information from across the
enterprise
Decide what actions to take
on personal data and apply
policy automatically
25. Content Management for GDPR Accountability
• Personal data is scattered throughout the organisation in
documentation which is not under proper ownership
• There are no mechanisms for automatically disposing of
information containing personal data when it is no longer required
• There is no single location to go to get process documentation
required under the principle of accountability, which requires that
you can prove that you are compliant.
• There is no mechanism for handling personal data which is in
physical copy.
MICRO FOCUS CAN HELP…
• Design and deliver solutions which meet the requirements of GDPR
through information lifecycle management in an auditable manner
• Ensure that records required under the GDPR principle of
accountability are retained and can be accessed as required.
• Manage information in existing systems which does not have the
required compliance functionality without the need to move it
• Enable physical documentation to be managed in a way which is
consistent with the policies for electronic data
BUSINESS CHALLENGE…
Lifecycle management of
documents containing
personal data through to
disposition
Enables organisations to come into
line with against a broad sweep of
regulations and best practices
Apply policies to legacy
systems without the need
to move or centralise
information
26. 1. GDPR Technical Roadmap Design
2. Application Retirement
3. Storage Optimisation
4. Structured Personal Data Management
5. Unstructured Personal Data Discovery
6. Content Management
GDPR Use Cases ROM Library – Ready to Go