Welcome to
GDPR: Your Journey to
Compliance
Thursday 2 November 2017, 14:00-17:15
Microsoft UK, Paddington, London
Welcome & Introduction
Michael Frisby, Cobweb MD
Location: identifying existing personal data held across the business
Governance: managing data subject access rights, data storage and use
Security: protecting against vulnerabilities and breach
Reporting: for data requests, breaches, and accountability
Achieving GDPR Compliance
Two tracks, a process track and a technical track, each running from "define the requirement" to "create the plan".
Helping You Achieve Compliance
GDPR Webinars
GDPR Workshops
GDPR Healthcheck
GDPR Assessments
Implementation Clinics
Virtual Services
Agenda
13:45-14:00 REGISTRATION
14:00-14:15 Welcome & Introduction Michael Frisby, Cobweb MD
14:15-14:45 Introduction to GDPR Sean Huggett, Cybercrowd, CEO & Consultant
14:45-15:00 DocuSign and GDPR Jacqueline de Gernier, AVP Commercial Sales
15:00-15:30 Microsoft and GDPR Jonathan Burnett and Samantha Garrett, Partner Technology Strategists
15:30-15:45 TEA AND PASTRIES
15:45-16:00 TermSet and GDPR Stewart Connors, Head of Customer & Partner Success
16:00-16:15 Acronis and GDPR Ronan McCurtin, Senior Sales Director Northern Europe
16:15-16:30 Mimecast and GDPR David Tweedale, Team Leader
16:30-16:45 QGate and GDPR Rowland Dexter, Managing Director
16:45-17:15 Panel Interview Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft), Michael Olpin (Cobweb)
Cobweb GDPR Support Package
GDPR Health Check ‘Raffle’
Closing Thoughts
Introduction to GDPR
Sean Huggett, Cybercrowd, CEO and Consultant
• Came into force on 24th May 2016 – enforceable from 25th May 2018
• EU Regulation – has direct effect – no local legislation required
• Replaces the Data Protection Act 1998, which transposed the 1995 Data Protection Directive into UK law
• Aims to support the digital single market and give data subjects control over their personal data
• Wide scope & coverage
• Guidance on interpretation and compliance still being developed
• UK Government has confirmed applicability in UK notwithstanding Brexit
Introduction to GDPR
Key Definitions
Data Controller
• “the natural or legal person… which … determines the purpose and means of the processing of personal data”
Data Processor
• “a natural or legal person… which processes personal data on behalf of the controller”
Data Subject
• “an identified or identifiable natural person”
Personal Data
• “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person
is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data….”
Processing
• “any operation or set of operations which is performed on personal data or on sets of personal data whether or not by
automated means, such as collection, recording, organisation, structuring, storage…”
Six Data Protection Principles & Accountability
• Six data protection principles – overview of your most important duties in complying with GDPR
• Introduces ‘accountability principle’ – Data Controllers responsible for being able to demonstrate compliance with the six principles
Personal Data shall be:
1. processed lawfully, fairly and transparently
2. collected for specified, explicit & legitimate purposes
3. adequate, relevant & limited to what is necessary for processing
4. accurate and kept up to date
5. kept only for as long as is necessary for processing
6. processed in a manner that ensures its security
Data Subject Rights
Rights to:
• Information - think about Privacy Notices
• Access - think about Subject Access Requests
• Object to Processing
• Rectification
• Erasure – ‘right to be forgotten’
• Restrict Processing
• Data Portability
Obligations & International Transfers
Obligations
• Data Protection Officers (DPO)
• Data Protection Impact Assessments (DPIA)
• Data Protection by Design and by Default
• Controller & Processor Records
• Security of Processing
• Breach Notification
• Processor contracts with guarantees that processing will meet the requirements of GDPR
International Transfers – Restricted & Regulated – Conditions to be Met
• Basis of Adequacy
• Appropriate Safeguards
• Binding Corporate Rules (BCRs)
• International Cooperation Mechanisms: EU-US Privacy Shield
Remedies & Liabilities
Liabilities
• Administrative Fines – ‘Effective, Proportionate & Dissuasive’
o Higher of 4% of global turnover or €20m for top tier infringements
o Higher of 2% of global turnover or €10m for lower tier infringements
• Warning of likely infringement
• Reprimand for infringement
• Others, including: order data breach communication, order limitations on processing, order rectification/restriction/erasure
Data Subject Remedies
• Right to judicial remedy where their rights have been infringed as a result of the processing of personal data
• Right to compensation – data subjects who have suffered material or non-material damage
• Controller & Processor joint and several liability
• Collective claims / class-action type litigation possible – higher litigation risks
Some Practical Steps
1. Understand Personal Data You Hold:
• Data mapping – identify Personal Data held, how it was/is collected, data flows, who has access, where it is stored etc.
• Apply the 6 Principles to the Personal Data you hold.
• Assess the risks to rights and freedoms of data subjects associated with your processing / the personal data you hold.
• Identify transfers to 3rd countries.
2. Review 3rd Party Relationships:
• Identify your 3rd party processors.
• Review the contracts, bring them into compliance – including cloud service providers.
3. Document Your Processing Activities:
• Put the required documentation in place – records of processing activities, records of consent etc.
• Document how you comply with GDPR – demonstrate you are consistently applying best practice.
4. Apply Technical and Organisational Measures:
• Implement strong information governance measures, including policies and procedures covering:
o Data protection
o Information security
o Breach response and notification
• Adopt a ‘Cyber Resilience’ approach covering People, Process & Technology in line with best practice.
• Implement an ISMS / PIMS / Compliance Framework – apply best practice and certify where appropriate
Thank you
Speak to a member of the Cobweb team
if you’d like to know more!
DocuSign and GDPR
Jacqueline de Gernier, AVP Commercial Sales
Getting to Grips with the GDPR:
How to Fast-Track Your Compliance
Introduction to DocuSign
14+ Years Innovation
Highest level certifications
188 Countries 43 Languages
13 Offices 5 Continents
300k+ corporate customers
200 million total users
#1 Analyst rated
The DocuSign Difference – why customers choose DocuSign:
Trust: legal & compliance; bank-grade security & encryption; platform & scalability
Experience: capabilities & usability; mobile; customer success programmes
Choice: partners & integrations; global; #1 APIs
Industries: financial services, insurance, high tech, communications/media, pharmaceutical, real estate, consumer – everywhere
Customer Success – three use cases:
Sales: experience significantly improved
Procurement: contract signing 50x faster
HR: fastest contract returned in 10 minutes
Customer quotes: “It speeds up the process and makes it more compliant”; “DocuSign has revolutionised how we send out HR contracts at E.ON”; “Steps that previously took days through post now take minutes”
GDPR - Changes to Consent
Demanding requirements for consent
Under the GDPR, consent must be:
• Freely given
• Specific
• Informed
• Unambiguous
"Consent should be given by a clear affirmative act … such as by a written statement,
including by electronic means, or an oral statement… Silence, pre-ticked boxes or
inactivity should not therefore constitute consent." (Recital 32)
Consent will often be required
Consent will often be required when collecting an individual’s personal information for:
• Using an individual’s sensitive personal information
• Sending an individual e-marketing
• Sharing an individual’s personal information with independent third parties
Consent must be verifiable
Businesses must be able to prove that they obtained the individual's consent, which requires maintaining consent records that can be checked to verify:
1. That the individual has consented;
2. What they consented to; and
3. When they consented
Individuals "shall have the right to withdraw his or her consent at any time… It shall be as easy to withdraw consent as to give consent." (Art 7(3))
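As an added example (not DocuSign's product or code), the consent record the slide describes as a small append-only ledger in Python: who, what purpose, when and how it was captured, with withdrawal recorded as a further event rather than an edit, so the same ledger proves consent and shows that processing before a withdrawal was covered. Subject identifiers, purposes, evidence labels and timestamps are constructed.

```python
"""Append-only consent ledger (added example): every grant and every withdrawal is an
event with who / what purpose / when / how captured, so the record can prove consent
and answer "was consent valid for purpose P at time T?" after a withdrawal."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


def ts(iso_utc: str) -> datetime:
    """Parse a constructed '2018-05-25T09:00:00Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(iso_utc, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class ConsentEvent:
    subject_id: str   # who consented (hypothetical internal identifier, not a real person)
    purpose: str      # what they consented to, e.g. "e-marketing"
    action: str       # "grant" or "withdraw"
    at: datetime      # when (UTC)
    evidence: str     # how it was captured, e.g. a form version or signed-document id


class ConsentLedger:
    def __init__(self) -> None:
        self._events: List[ConsentEvent] = []

    def grant(self, subject_id: str, purpose: str, at: datetime, evidence: str) -> None:
        # A grant must cite the affirmative act that produced it; an empty evidence
        # string is how a pre-ticked box or an inferred consent would show up.
        if not evidence:
            raise ValueError("consent needs evidence of a clear affirmative act")
        self._append(ConsentEvent(subject_id, purpose, "grant", at, evidence))

    def withdraw(self, subject_id: str, purpose: str, at: datetime,
                 evidence: str = "self-service") -> None:
        # Withdrawal is one call with no extra conditions: as easy as giving consent.
        self._append(ConsentEvent(subject_id, purpose, "withdraw", at, evidence))

    def _append(self, ev: ConsentEvent) -> None:
        if ev.at.tzinfo is None:
            raise ValueError("timestamps must be timezone-aware")
        if self._events and ev.at < self._events[-1].at:
            raise ValueError("ledger is append-only and chronological")
        self._events.append(ev)   # never updated or deleted: this is the audit trail

    def is_valid(self, subject_id: str, purpose: str, at: Optional[datetime] = None) -> bool:
        """Consent is valid iff the latest event for (subject, purpose) at or before `at`
        is a grant. A later withdrawal does not rewrite history: the grant still proves
        that processing before the withdrawal was covered."""
        at = at or datetime.now(timezone.utc)
        valid = False
        for ev in self._events:
            if ev.subject_id == subject_id and ev.purpose == purpose and ev.at <= at:
                valid = ev.action == "grant"
        return valid

    def history(self, subject_id: str) -> List[ConsentEvent]:
        """Everything recorded about one subject, in order: input to a subject access request."""
        return [ev for ev in self._events if ev.subject_id == subject_id]


def demo_ledger() -> ConsentLedger:
    """Constructed sample: one subject grants two purposes, later withdraws one."""
    ledger = ConsentLedger()
    ledger.grant("subj-001", "e-marketing", ts("2018-05-25T09:00:00Z"), "web-form-v3")
    ledger.grant("subj-001", "third-party-sharing", ts("2018-05-25T09:00:00Z"), "web-form-v3")
    ledger.withdraw("subj-001", "e-marketing", ts("2018-06-01T12:00:00Z"))
    return ledger


if __name__ == "__main__":
    led = demo_ledger()
    print("e-marketing valid on 26 May?", led.is_valid("subj-001", "e-marketing", ts("2018-05-26T00:00:00Z")))
    print("e-marketing valid on 2 June?", led.is_valid("subj-001", "e-marketing", ts("2018-06-02T00:00:00Z")))
    for ev in led.history("subj-001"):
        print(ev)
```

Point-in-time queries are what make the record useful in a dispute: a subject who withdraws on 1 June does not make May's mailings unlawful, and the ledger must still prove they were covered. Storing the evidence reference beside each grant is what makes the record verifiable rather than merely asserted.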
Common consent challenges
• Marketing / Sales – Personal information for e-marketing
purposes
• HR – Personal information for a job application or for the
provision of employee benefits
• Healthcare – Personal information for the purpose of medical
studies and clinical trials
• Online – Consenting to the use of cookies and similar tracking technologies
Re-contracting with Suppliers
Businesses must ensure:
• Legacy vendors move to new,
GDPR-compliant, data
protection terms
• Future vendors are also
signed up to GDPR-compliant
terms
How DocuSign can be part of a GDPR Consent solution
Today: the business and its consumers, customers, partners, suppliers and employees are joined by disconnected systems, manual processes and fragmented policies.
With digital consent between the business and each of those parties: bespoke reports for GDPR, and the data can be extracted.
Case Study: Filestream
Company’s Top Challenges
• Manual processes – contracts require manual chasing to fulfill terms and conditions
• Not GDPR-ready – holding of personal data is not currently compliant with legislation
• Inadequate security – Information sent over email is not as secure as it could be
Reasons for Choosing DocuSign
• Security standards – DocuSign meets and exceeds some of the most stringent US,
EU, and global security standards
• Commitment to compliance – DocuSign is actively monitoring regulator guidance
and interpretations of key GDPR requirements
• Digitising process – digital signatures remove need to print and scan paper
documents
The Key Benefits
• Quicker signing process – turnaround time is now 40 times faster
• Customer consent – DocuSign’s tools are being utilised to be ready for new
legislation coming into force in May 2018
• Data protection – personal data is protected whenever a third-party comes in
contact with it
“I wouldn’t choose any other partner but DocuSign for ease and security” – Paul Day, Technical Director, Filestream
About Filestream: Headquarters: Berkshire, UK; Founded: 2003; Industry: Software; Website: www.filestreamsystems.co.uk; Partners: DocuSign; Use Case: Sales
Top benefits achieved: 45 minutes contract turnaround time; 40x quicker signing experience; GDPR-ready (DocuSign tools being used for compliance)
Thank you
Email: Jacqueline.degernier@docusign.com
GDPR Seminar – 9th Nov
5pm – 7pm
ETC Venues, Fenchurch Street
discover.docusign.co.uk/best-practices-for-gdpr
Microsoft
and GDPR
General Data Protection Regulation
Jonathan Burnett and Samantha Garrett, Partner Technology Strategists
What are the key changes to address the GDPR?
Personal privacy – individuals have the right to:
• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to processing of their personal data
• Export personal data
Controls and notifications – organizations will need to:
• Protect personal data using appropriate security
• Notify authorities of personal data breaches
• Obtain appropriate consents for processing data
• Keep records detailing data processing
Transparent policies – organizations are required to:
• Provide clear notice of data collection
• Outline processing purposes and use cases
• Define data retention and deletion policies
IT and training – organizations will need to:
• Train privacy personnel & employees
• Audit and update data policies
• Employ a Data Protection Officer (if required)
• Create & manage compliant vendor contracts
How do I get started?
1. Discover: identify what personal data you have and where it resides
2. Manage: govern how personal data is used and accessed
3. Protect: establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: keep required documentation, manage data requests and breach notifications
1. Discover: identify what personal data you have and where it resides (what is in scope, and an inventory of it)
Example solutions:
• Microsoft Azure: Azure Data Catalog
• Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
• Dynamics 365: Audit Data & User Activity; Reporting & Analytics
• Office & Office 365: Data Loss Prevention; Advanced Data Governance; Office 365 eDiscovery
• SQL Server and Azure SQL Database: SQL Query Language
• Windows & Windows Server: Windows Search
2. Manage: data governance and data classification
Example solutions:
• Microsoft Azure: Azure Active Directory; Azure Information Protection; Azure Role-Based Access Control (RBAC)
• Enterprise Mobility + Security (EMS): Azure Information Protection
• Dynamics 365: Security Concepts
• Office & Office 365: Advanced Data Governance; Journaling (Exchange Online)
• Windows & Windows Server: Microsoft Data Classification Toolkit
3. Protect: preventing data attacks; detecting & responding to breaches
Example solutions:
• Microsoft Azure: Azure Key Vault; Azure Security Center; Azure Storage Services Encryption
• Enterprise Mobility + Security (EMS): Azure Active Directory Premium; Microsoft Intune
• Office & Office 365: Advanced Threat Protection; Threat Intelligence
• SQL Server and Azure SQL Database: Transparent Data Encryption; Always Encrypted
• Windows & Windows Server: Windows Defender Advanced Threat Protection; Windows Hello; Device Guard
4. Report: record-keeping and reporting tools
Example solutions:
• Microsoft Trust Center: Service Trust Portal
• Microsoft Azure: Azure Auditing & Logging; Azure Data Lake; Azure Monitor
• Enterprise Mobility + Security (EMS): Azure Information Protection
• Dynamics 365: Reporting & Analytics
• Office & Office 365: Service Assurance; Office 365 Audit Logs; Customer Lockbox
• Windows & Windows Server: Windows Defender Advanced Threat Protection
GDPR Resources
Microsoft Whitepaper on "Beginning your
GDPR Journey"
Microsoft.com/GDPR
servicetrust.microsoft.com
aka.ms/GDPRblogpost
Risk Mitigation Suggestions
1. Data Breach Management
2. Data Encryption
3. Phishing Protection
4. 2 Factor Authentication
5. Cloud Application Security
6. Mobile Security
15:30-15:45
Tea & Pastries
TermSet
and GDPR
Stewart Connors, Head of Customer & Partner Success
GDPR
Automate the process for discovering Personally Identifiable Information (PII)
The Challenge
External
• GDPR will require all EU organisations to focus on discovering PII on behalf of customers & former employees
• “Subject Access Request” is not new and will continue
• “Right to be Forgotten” is new & will force organisations to collect all the digital information they hold
Internal
• Organisations’ information is held in multiple IT systems
• Also in non-approved IT systems (shadow IT/BYOD)
• Information is typically held in documents that are structured and unstructured
• Discovering PII is currently a manual process
• This will cost organisations time and money
Ongoing breaches & fines
• 49% of organisations had a document breach in the past 2 years*
• 73% of employees are accidentally exposing information stored within documents*
• 63% of organisations claim they are unable to locate sensitive data stored in documents*
*Information taken from the Ponemon Institute Research report May 2017.
The Solution: ScanR
Identify and retrieve GDPR Personally Identifiable Information within documents stored in multiple systems: discover PII in Office docs and PDF, with OCR on the fly, and generate reports.
Product overview: ScanR
1. Connect to SharePoint, a file share or other systems holding the documents we wish to check for sensitive data
2. Choose the types of information you would like to discover – over 100 pre-defined rules, or make your own; artificial intelligence for pattern matching
3. Documents are marked in place or reports are produced
Overview Dashboard (example figures): three data sources read; ~19k documents read, with 79% containing PII data; breakdown of what PII data is contained where; locations of the sensitive data; which systems contain the most sensitive data.
Query engine: search for information across your data sources; immediately see the records that match; understand the types of data that contain the information.
Articles Contained in the GDPR
11 Chapters with 99 Articles
http://www.eugdpr.org/article-summaries.html
ScanR will help you comply with Articles: 5, 15, 16, 17, 18, 20, 24, 30, 32, 35, 42, 44, 45.
• Gain an understanding of where the PII data is located
• Gain an understanding of who has access to it
• Gain an understanding of how long it’s being retained
• Retain personal data for a period of time directly related to the original intended purpose
• Find risky files and take action
• Manage a Subject Access Request
• Request a port of the data
• Request a correction to the data
• Request deletion of the data
Summary
ScanR
• Automate the process for discovering PII
• Quickly respond to “Subject Access Request” & “Right to be Forgotten”
• Comply with over 10 of the 99 Articles
Next Step
• Free trial up to 1,000 documents
www.termset.com
stewart@termset.com
Acronis
and GDPR
Ronan McCurtin, Senior Sales Director Northern Europe
Where Acronis supports GDPR compliance
Key activities:
• Privacy impact assessment
• Data access governance
• Data breach notification / resolution
• Secure storage of active data
• Archiving and deleting
Products: Acronis Backup; Acronis Storage; Acronis Backup Cloud; Acronis Disaster Recovery Service
Requirements for GDPR-compliant backup and storage (1)
Requirement – Desirable features – GDPR recitals supported
• Control data storage location – reporting for compliance – 101: General principles for international data transfers
• Encrypt data securely – encryption on the device, in transit, and at rest – 78: Appropriate technical and organizational measures; 83: Security of processing
• Browse backups – drill-down to easily find required data – 63: Right of access; 65: Right of rectification and erasure
• Modify personal data – easy modification if requested by data subject – 59: Procedures for the exercise of the rights of the data subjects; 63: Right of access; 64: Identity verification; 65: Right of rectification and erasure
• Export data in a common format for easy data portability – ZIP archive for easy portability – 68: Right of data portability
• Recover data quickly – Acronis Instant Restore to deliver 15-second recovery time objectives (RTOs) – 78: Appropriate technical and organizational measures
Requirements for GDPR-compliant backup and storage (2)
Requirement – Desirable features – GDPR recitals supported
• Minimize compulsory data breach reporting – proactive prevention of malware damage to files; specific protection of the Acronis Backup agent to prevent data breach of backups – 85: Notification obligation of breaches to supervisory authority; 86: Notification of data subjects in the case of data breaches; 87: Promptness of reporting / notification; 88: Format and procedures of the notification
• Blockchain-based data certification – Acronis Notary validation of the authenticity and integrity of backups – 78: Appropriate technical and organizational measures
• Backup retention, deletion – flexible setting of retention time of data, archival rules, etc.; ability to delete backup at any moment – 66: Right to be forgotten
• Logs availability – logging of operations with data – 82: Record of processing activities
• Role-based access – multilayered and highly customizable data access rights – 63: Right of access
• Risk management control – very flexible backup and Active Protection – 84: Risk evaluation and impact assessment
What to look for in GDPR-compliant backup and storage
• Control of data storage location
• The customer, as controller, must have the final say as to where personal data is stored: on-premises or in a specific EU-based data center (GDPR restricts transfers outside the EU, so location is the controller’s decision to make and to document)
• Data encryption
• Strong data encryption on-device, in transit and in the cloud
• An entirely automated encryption process, with the customer as the sole holder of the decryption key, so that the storage provider cannot read the data and a compromise of the provider does not expose it, consistent with the security-of-processing requirements (Art 32)
What to look for in GDPR-compliant backup and storage
• Ability to search data inside backups
• Ability to drill down through backups, making it easy
to find required information on behalf of data subjects
• Ability to modify personal data
• Easy way to modify personal data if and when
requested by data subjects
What to look for in GDPR-compliant backup and storage
• Data export in a common format
• Ability to export personal data in a common and easily
usable format (e.g., ZIP archives) to meet the GDPR
data portability requirements
• Quick data recovery
• Flexible setting of retention time of data,
archival rules, etc.
• Extensive logging
• Multilayered and highly customizable data
access rights
How Acronis helps your company achieve GDPR compliance
• Active Protection against ransomware
• Proactively preventing breaches is easier and more cost-effective than suffering breaches and doing the mandatory incident reporting
• Acronis Active Protection™ detects and blocks ransomware attacks and instantly restores any affected data
• Blockchain-based data certification
• Acronis Notary™ provides immutable proof of the integrity of protected data using Blockchain technology
Ransomware Big Trends
With an economic incentive behind it, new ransomware families appeared fast (chart of new families by year omitted; source: F-Secure).
1. Advancing into new operating systems
2. Advancing into new platforms and devices
3. Ransomware-as-a-Service
4. Advanced attack techniques
Trend 4: Advanced attack techniques
(Timeline figure: each protection technique, and the attacker technique that evades it.)
• 2010 – detection of non-signed files; evaded by malware signed with a stolen certificate
• 2014 – exclusion of known legitimate system files; evaded by injecting into system processes and acting on their behalf
• 2014 – protection for Windows only; evaded by attacks on Mac OS X and Linux
• 2016 – detection by checking file type/header; evaded by encrypting only the body of the file
• 2016 – detection of executable files; evaded by using scripts and non-malicious executables
• 2016 – detection in the running Windows system; evaded by infecting before Windows starts
• 2017 – use of backup to protect against ransomware; evaded by attacking and encrypting backup files
Next-generation ransomware families are targeting backup software.
Ransomware evolves… and data protection evolves too.
Acronis Active Protection 2.0: Learning Infrastructure
(Diagram omitted.) Components: Acronis Labs, with farms of infected and clean processes that provide process-behaviour data; the Acronis Cloud Brain, which does model training and parameter optimisation; the Acronis Learning Service, which delivers the updated knowledge base to Acronis customers; and the Acronis Local Knowledge Base on the customer side, so you are protected even without Internet.
Complete protection against modern techniques
(Timeline figure: attacker technique, the older protection it evades, and the Acronis Active Protection™ response.)
• 2010 – malware signed by a stolen certificate defeats detection of non-signed files; response: compromised-signatures check
• 2014 – injection into system processes defeats exclusion of known legitimate system files; response: checks for injections in system processes (with machine learning)
• 2014 – attacks on Mac OS X and Linux defeat Windows-only protection; response: protection for Windows, Mac and Linux
• 2016 – encrypting only the body of the file defeats detection by file type/header; response: entropy measurement
• 2016 – scripts and non-malicious executables defeat detection of executable files; response: both executable and script detection
• 2016 – infecting before Windows starts defeats detection in the running Windows system; response: pre-boot anti-ransomware protection
• 2017 – attacking and encrypting backup files defeats the use of backup against ransomware; response: Acronis Active Protection™ protecting the backup agent and its backups
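The "entropy measurement" response to body-only encryption, as an added example in Python (not Acronis code): a magic-number check is satisfied by the untouched header, while Shannon entropy over the body rises from text-like values to nearly 8 bits per byte once it is encrypted. Comparing against the pre-write copy, which a backup agent is assumed to hold, also stops already-compressed formats from tripping the check on every save. Header length, thresholds, the keystream and the sample files are constructed.

```python
"""Entropy-based detection of a ransomware-style rewrite (added example). A header-only
check (magic number) is fooled when only the body of a file is encrypted; Shannon entropy
over the body is not. The backup agent is assumed to hold the pre-write copy of each file."""
import math
import random
from collections import Counter
from typing import Dict

MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip/office", b"\x89PNG": "png"}
HEADER_LEN = 16          # bytes treated as "header" for the body-entropy check
HIGH_ENTROPY = 7.5       # bits/byte; uniformly random data approaches 8.0
MIN_JUMP = 2.0           # rise in body entropy needed to call a rewrite suspicious


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sniff_type(data: bytes) -> str:
    """What a magic-number check sees: the header, nothing else."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def assess_write(original: bytes, rewritten: bytes) -> Dict[str, object]:
    """Compare a file before and after a process rewrote it. A rewrite is suspicious when
    the body became high-entropy AND the entropy rose sharply; the second condition keeps
    already-compressed formats (zip, png, jpeg) from being flagged on every normal save."""
    before = shannon_entropy(original[HEADER_LEN:])
    after = shannon_entropy(rewritten[HEADER_LEN:])
    return {
        "type_by_header": sniff_type(rewritten),
        "header_kept": rewritten[:HEADER_LEN] == original[:HEADER_LEN],
        "entropy_before": round(before, 2),
        "entropy_after": round(after, 2),
        "suspicious": after >= HIGH_ENTROPY and after - before >= MIN_JUMP,
    }


# --- constructed samples (seeded, so the numbers are reproducible) ---
def keystream(n: int, seed: int) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def encrypt_from(data: bytes, offset: int, seed: int = 7) -> bytes:
    """Simulate ransomware: XOR everything from `offset` on with a random keystream and
    leave the first `offset` bytes (the header) untouched. offset=0 encrypts the whole file."""
    ks = keystream(len(data) - offset, seed)
    return data[:offset] + bytes(b ^ k for b, k in zip(data[offset:], ks))


SAMPLE_PDF = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n" + b"Dear data subject, your request has been received.\n" * 80
SAMPLE_ZIP = b"PK\x03\x04" + keystream(4000, seed=1)   # stands in for already-compressed content

if __name__ == "__main__":
    print("body-only encryption:", assess_write(SAMPLE_PDF, encrypt_from(SAMPLE_PDF, HEADER_LEN)))
    print("whole-file encryption:", assess_write(SAMPLE_PDF, encrypt_from(SAMPLE_PDF, 0)))
    print("compressed file re-saved:", assess_write(SAMPLE_ZIP, SAMPLE_ZIP))
```

The body-only case is the one the slide is about: the file still reports itself as a PDF and its first bytes are unchanged, yet the body entropy has jumped from roughly 4 bits per byte to nearly 8. Without the "before" copy a scanner has to choose between missing this case and flagging every zip or image; that is why the check belongs in the component that already has the previous version.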
Acronis Notary powered by Blockchain
Ensuring that data is authentic and unchanged
“Acronis Notary assures that files are unchanged since they were backed up.”
Have confidence of data authenticity:
• A public, secure Blockchain ledger verifies the authenticity of files
• Backup enables the recovery of the original document
• Acronis Notary provides mathematical assurance that the contents of a file perfectly match the original contents that were backed up
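How hash-based certification of a backup set gives "mathematical assurance" that a file is unchanged, as an added Python example that is not Acronis Notary's implementation: each file is hashed, the hashes are combined into a Merkle root, the root is the one value that would be anchored in a public ledger, and any single file can later be checked against it with a short inclusion proof. The leaf/node domain separation, the odd-node promotion rule and the sample files are assumptions of this example.

```python
"""Merkle-tree certification of a backup set (added example, not Acronis Notary). Each file
is hashed, the hashes are combined into one root, and only the root needs to be anchored
somewhere immutable. Later, any single file can be proven unchanged against that root
with a short inclusion proof, without re-hashing the whole set."""
import hashlib
from typing import Dict, List, Tuple

Proof = List[Tuple[str, bytes]]   # [("L"|"R", sibling_hash), ...] from leaf towards root


def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()   # domain-separated from interior nodes


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def merkle_root(leaves: List[bytes]) -> bytes:
    """An odd node at any level is carried up unchanged (no duplication of the last hash)."""
    level = list(leaves)
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def merkle_proof(leaves: List[bytes], index: int) -> Proof:
    """Sibling hashes needed to recompute the root from leaves[index]."""
    proof: Proof = []
    level, i = list(leaves), index
    while len(level) > 1:
        if i % 2 == 1:
            proof.append(("L", level[i - 1]))
        elif i + 1 < len(level):
            proof.append(("R", level[i + 1]))
        # else: odd last node, promoted with no sibling at this level
        nxt = [node_hash(level[j], level[j + 1]) for j in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level, i = nxt, i // 2
    return proof


def verify_proof(leaf: bytes, proof: Proof, root: bytes) -> bool:
    h = leaf
    for side, sibling in proof:
        h = node_hash(h, sibling) if side == "R" else node_hash(sibling, h)
    return h == root


def notarize(files: Dict[str, bytes]) -> dict:
    """Certificate for a backup set: the root (what you would anchor on-chain) plus a
    per-file inclusion proof. Files are ordered by name so the root is reproducible."""
    names = sorted(files)
    leaves = [leaf_hash(files[n]) for n in names]
    return {"root": merkle_root(leaves).hex(),
            "proofs": {n: merkle_proof(leaves, i) for i, n in enumerate(names)}}


def verify_file(name: str, content: bytes, cert: dict) -> bool:
    """True iff `content` is byte-for-byte what was in the notarized backup set."""
    if name not in cert["proofs"]:
        return False
    return verify_proof(leaf_hash(content), cert["proofs"][name], bytes.fromhex(cert["root"]))


# Constructed backup set (odd count, so the promotion rule is exercised).
SAMPLE_FILES = {
    "hr/contract-0001.pdf": b"%PDF-1.4 employment contract (constructed)",
    "finance/ledger-2017.csv": b"date,amount\n2017-11-02,100.00\n",
    "legal/dpa-template.docx": b"PK\x03\x04 data processing agreement (constructed)",
}

if __name__ == "__main__":
    cert = notarize(SAMPLE_FILES)
    print("root:", cert["root"])
    for name, content in SAMPLE_FILES.items():
        print(name, "unchanged:", verify_file(name, content, cert))
    print("tampered:", verify_file("hr/contract-0001.pdf", b"%PDF-1.4 altered clause", cert))
```

The security of the scheme rests on two things the code makes explicit: the root must be published somewhere the backup operator cannot later rewrite (that is the role a public ledger plays), and leaf and interior hashes must be domain-separated, otherwise an attacker can present an interior node as a "file" that verifies.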
Mimecast
and GDPR
Data Protection and Data Management
David Tweedale – Team Leader
© 2017 Mimecast.com All rights reserved.
Data Protection
Securing personal and sensitive information
Capabilities: Anti-Malware; Data Leak Prevention; Encryption; Breach Notifications
Spear-phishing credentials to exploit point-of-sale systems (attack chain)
1. Access gained via a spear-phishing attack on a sub-contractor
2. Used as a stepping stone onto the victim’s network
3. Point-of-sale systems compromised
4. Customer data stolen, including credit card details
5. Large GDPR fine and costs to investigate and remediate
Anti Malware
Technology capabilities: data protection
Malware can have a devastating impact on organizations, contributing to significant GDPR fines related to data loss.
Types of attacks:
• Weaponised attachments
• Malicious URLs
• Malware-less attacks
• Ransomware
• Phishing
• Insiders
Key strategies:
• Multi-layered approach
• User awareness
• Advanced threat protection
• Logging and monitoring of internal user activities
• Protected, plan B email route and access
Data leaked by disgruntled employee (attack chain)
1. Disgruntled employee wants to leave and cause damage to the business
2. Employee emails a copy of the client database to a personal mail account
3. Data collected by the company is now compromised
4. Customer sensitive data leaked; GDPR fine imposed
Data Leak Prevention (DLP)
Technology capabilities: data protection
Data Leak Prevention (DLP) tools prevent inadvertent data breaches by blocking emails containing personal data.
How is data leaving the organization?
• Internal department leakage
• Email attachments
• Shadow IT
Key strategies:
• Internal communications DLP
• Outbound mail inspection
• Corporate data sharing
• Secure messaging channel
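One rule set serves both the document-discovery problem that TermSet's ScanR addresses earlier (which documents in which source contain PII) and the outbound mail inspection this DLP slide describes. The following is an added example in Python, not Mimecast's or TermSet's code: a handful of illustrative regular expressions for UK-style identifiers, a discovery report over a constructed two-source corpus, and a block/allow decision for a constructed outbound message. The rule patterns, source names, the domain corp.example and all sample text are assumptions; a production scanner adds checksums (IBAN mod-97, NI-number prefix rules) and context to cut false positives.

```python
"""PII discovery over documents and outbound-mail DLP on the same rule set (added example).
The patterns are a small, illustrative subset of the pre-defined rules such tools ship
with; real rules add checksums and context to cut false positives."""
import re
from collections import Counter
from typing import Dict, List, Tuple

PII_RULES = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # Two letters, six digits, suffix letter A-D (e.g. QQ 12 34 56 C, HMRC's example format)
    "uk_ni_number": re.compile(r"\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b"),
    "uk_phone": re.compile(r"(?:\+44\s?7\d{3}|\b07\d{3})\s?\d{3}\s?\d{3}\b"),
    "uk_postcode": re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){3,7}\b"),
}


def scan_text(text: str) -> Dict[str, List[str]]:
    """Return {rule_name: [matches]} for every rule that fires on the text."""
    hits: Dict[str, List[str]] = {}
    for name, pattern in PII_RULES.items():
        found = pattern.findall(text)
        if found:
            hits[name] = found
    return hits


def discover(sources: Dict[str, Dict[str, str]]) -> dict:
    """Discovery report over {source: {document: text}}: which documents hold which PII,
    how many per source and per type (the overview-dashboard numbers)."""
    per_doc: Dict[str, List[str]] = {}
    per_source: Counter = Counter()
    per_type: Counter = Counter()
    total = 0
    for source, docs in sources.items():
        for name, text in docs.items():
            total += 1
            hits = scan_text(text)
            if hits:
                per_doc[source + "/" + name] = sorted(hits)
                per_source[source] += 1
                for rule, matches in hits.items():
                    per_type[rule] += len(matches)
    return {
        "documents": total,
        "with_pii": len(per_doc),
        "pct_with_pii": round(100 * len(per_doc) / total) if total else 0,
        "per_doc": per_doc,
        "per_source": dict(per_source),
        "per_type": dict(per_type),
    }


def dlp_decision(sender: str, recipients: List[str], body: str,
                 corporate_domain: str) -> Tuple[str, List[str]]:
    """Outbound mail inspection: block a message that carries PII to any recipient
    outside the corporate domain. Corporate addresses in the body (signatures, quoted
    CCs) are not leakage and are ignored; every other rule type always counts."""
    suffix = "@" + corporate_domain.lower()
    external = [r for r in recipients if not r.lower().endswith(suffix)]
    hits = scan_text(body)
    foreign = [e for e in hits.get("email", []) if not e.lower().endswith(suffix)]
    if foreign:
        hits["email"] = foreign
    else:
        hits.pop("email", None)
    if not hits:
        return "allow", []
    if external:
        return "block", ["%s:%d" % (rule, len(m)) for rule, m in sorted(hits.items())]
    return "allow-internal", sorted(hits)


# Constructed sample corpus: two sources, four documents (no real people or accounts).
SAMPLE_SOURCES = {
    "sharepoint": {
        "hr/new-starter-form.docx": "Name: Jane Doe\nEmail: jane.doe@example.org\n"
                                    "NI number: QQ 12 34 56 C\nMobile: 07700 900123\nPostcode: SW1A 1AA\n",
        "marketing/press-release.txt": "Cobweb announces a GDPR seminar in London on 2 November 2017.",
    },
    "fileshare": {
        "finance/supplier-payments.csv": "supplier,iban\nAcme Ltd,GB29 NWBK 6016 1331 9268 19\n",
        "it/runbook.md": "Restart the service with systemctl restart app.",
    },
}

# Constructed outbound message: an employee mails a customer record to a personal account.
LEAK_BODY = ("Hi, here is the client list you asked for.\n"
             "Jane Doe, jane.doe@example.org, 07700 900123\n"
             "Regards, sales@corp.example\n")

if __name__ == "__main__":
    report = discover(SAMPLE_SOURCES)
    print("%d/%d documents contain PII (%d%%)" % (report["with_pii"], report["documents"], report["pct_with_pii"]))
    print(report["per_doc"])
    print(dlp_decision("alice@corp.example", ["alice.personal@webmail.example"], LEAK_BODY, "corp.example"))
```

The discovery report is what feeds a data-mapping exercise (which sources hold the most sensitive data); the DLP decision reuses the same detectors but adds the one piece of context that matters for email, whether any recipient is outside the organisation. Keep the two consumers on one rule set, otherwise the documents you know about and the documents you block diverge.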
Encryption
Technology capabilities: data protection
Encryption of data in systems and applications reduces the potential impacts of a data breach.
Where is data encrypted?
• Data stored in applications
• Laptops/mobile devices?
• Email archives
Key strategies:
• Secure storage of data
• Secure transfer of data
• Secure data in transit
• Limit data on portable devices
Breach Notifications
Technology capabilities: data protection
Organizations must notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach (Art 33), unless the breach is unlikely to result in a risk to individuals.
Key information required?
• Analysis of the breach
• Mitigation of negative consequences
• Alert to the data protection officer
Key strategies:
• Gather data from the Security Information and Event Management (SIEM) system
• Identify the location of the data breach
• Identify whether personal data was leaked
• Mitigate negative effects
Data Management
Supporting access rights of individuals
Capabilities: Search and Discovery; Secure Repository; Chain of Custody; Access Control
GDPR – Subject Access Request and Data Portability (workflow)
1. Data subject requests access to data stored on them
2. IT administrator searches across data repositories
3. Results validated/reviewed
4. Secure transmission of data to the data subject
Subject Access Requests (SAR)
Technology capabilities: data management
Individuals have the right to obtain confirmation that their personal data is being processed.
What is the impact?
• Requests need to be handled quickly
• Accurate personal data and additional information
• Availability in electronic format
Key strategies:
• Locate requested personal information quickly
• Prepared response templates
• Employee training to handle SARs
• Self-service portal for SARs
Data Portability
Technology capabilities: data management
Individuals have the right to request an export of their data in a format that can be given to another vendor or service.
What is the impact?
• Exports need to be timely
• Usable format
• Safe delivery of that export?
Key strategies:
• Data must be structured, searchable
• Exports to common formats
• Ensure the safe delivery of exported data
• Subject reviews and confirms the data required
GDPR – Right To Be Forgotten (workflow)
1. Data subject requests all personal data to be erased
2. IT administrator searches across data repositories (time consuming)
3. Confirmation given that data is erased
Right To Be Forgotten
Technology capabilities: data management
Individuals have the right to request erasure of their personal data held by a data controller (subject to conditions).
What is the impact?
• Complete erasure
• Across all systems
• Unless an overriding policy is in place
Key strategies:
• Data must be structured, searchable
• Dynamic data adjustments
• Retention management
• Auditable deletion
• Ability to review prior to deletion
Mimecast Solution
Simplifying GDPR Compliance for Email
Data Management capabilities: Search and Discovery; Secure Repository; Chain of Custody; Access Control
Data Protection capabilities: Anti-Malware; Data Leak Prevention; Encryption; Incident Management
Products and services: Advanced Threat Security; Mimecast Cloud Archive; DLP & Content Security; API; RBAC & Data Guardian; Secure Messaging; Large File Send; Mailbox Continuity; Archive Power Tools; Search and Review; Mime | OS
Email Cyber Resilience for GDPR
PREVENT – you need technology that provides the best possible multi-layered protection
MANAGE – you need to control, protect, find and access data effectively
MAINTAIN – you need to sustain compliance support at all times
QGate
and GDPR
Paribus Discovery - One Small Step…
Rowland Dexter, Managing Director
Who are QGate
• A Dynamics 365 implementation partner (UK HQ), est. 1997
• Working with Dynamics CRM since V4 (2007)
• ISV solutions are a key part of our company strategy
• Partner friendly established reseller program
The Problem
Duplicate Data
• A primary element of poor data quality
• However, in regards to GDPR specifically
• How do you manage personal data when you have multiple instances of the same
person
• Rob Dixon
• Bob Dickson
• Robert Dicksen
• Dixon R
A recent QGate audit showed an average of 7.2 % duplication in CRM
The Solution
Paribus Discovery
A batch tool which IDENTIFIES duplicate data
within any SQL based data source
The Paribus Match Engine
Phonetic Data Matching
• Foto Centre, Photo Center
• Kris Dixon, Chris Dickson, Criss Dicksen
• Cheryl Wiatt, Sheryl Wyiatt, Sherril Wyatt
Synonyms & Abbreviations & Acronym Matching
• Robert, Bob, Bobbie, Rob, Robbie, Roberto
• William, Will, Willy, Bill, Billy
• Richard, Rich, Ric, Dick, Ricky
• International Business Machines, IBM, I.B.M
Data Sequence Variation
• Florida University, University of Florida
• Arizona 1st National Bank, First National Bank of Arizona
• 123 (Flat A) Acacia Avenue, Flat A – 123 Acacia Avenue
Data Segmentation
• QGate Software, Q Gate Software, Q-Gate Software
• GuideMark, Guide Mark, Guide-Mark
• 3Com, 3 Com, 3-Com
Gender Analysis
• Paul v Paula
• Daniel v Danielle
• Jo v Joe
• Andy v Andie
The Paribus Match Engine
CRM Contact
• Bill Dixon
• Marketing Manager
• 1st National Bank of Arizona
• 123 Flat A, Acacia Avenue, Phoenix, Arizona
CRM Contact
• William Dickson
• Manager of Marketing
• First Bank of Arizona
• (Flat A) 123 Acacia Avenue, Phoenix, AZ
CRM Contact
• Billy Dicksen
• Marketing Director
• 1st Bank of National Arizona
• 123 Acacia Avenue (Flat A), Phoenix, Arizona
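The three CRM contacts above are the kind of records the match engine is meant to pair up. The Python below is an added example, not Paribus code: it implements a simplified version of the matching techniques the slide lists (Soundex phonetic keys for surnames, a nickname table, ordinal and abbreviation normalisation, order-independent token comparison for organisations and addresses, and an exclusion list for gender variants such as Paul/Paula). The lookup tables, weights and the 0.8 threshold are assumptions chosen for this illustration.

```python
"""Illustrative fuzzy duplicate-contact matcher (added example, not QGate's code).

Finds CRM records that probably describe the same person so a reviewer can
confirm them, which is the first step before any merge/purge. All tables,
weights and thresholds here are assumptions built from the slide's examples.
"""
import re
from itertools import combinations

# Nickname table constructed from the synonym examples on the slide.
SYNONYMS = {
    "william": ["will", "willy", "bill", "billy"],
    "robert": ["bob", "bobbie", "rob", "robbie", "roberto"],
    "richard": ["rich", "ric", "dick", "ricky"],
}
CANONICAL = {alias: name for name, aliases in SYNONYMS.items()
             for alias in aliases + [name]}

# Pairs that sound alike but are different people (slide's gender analysis).
GENDER_VARIANTS = {frozenset(p) for p in
                   [("paul", "paula"), ("daniel", "danielle"),
                    ("jo", "joe"), ("andy", "andie")]}

# Constructed normalisation tables for ordinals, abbreviations and stop words.
ORDINALS = {"1st": "first", "2nd": "second", "3rd": "third"}
ABBREVIATIONS = {"az": "arizona"}
STOPWORDS = {"of", "the", "and"}


def tokens(text):
    """Lower-case, strip punctuation, expand ordinals/abbreviations, drop stop words."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return [ABBREVIATIONS.get(ORDINALS.get(w, w), ORDINALS.get(w, w))
            for w in words if w not in STOPWORDS]


def soundex(word):
    """Standard 4-character Soundex code, used here as the phonetic key."""
    codes = {c: d for d, letters in enumerate(
        ["bfpv", "cgjkqsxz", "dt", "l", "mn", "r"], start=1) for c in letters}
    word = re.sub(r"[^a-z]", "", word.lower())
    if not word:
        return ""
    out, last = word[0].upper(), codes.get(word[0])
    for ch in word[1:]:
        code = codes.get(ch)
        if code and code != last:
            out += str(code)
        if ch not in "hw":          # h/w do not separate a run of codes, vowels do
            last = code
    return (out + "000")[:4]


def segments_equal(a, b):
    """Segmentation variants: 'Q Gate', 'Q-Gate' and 'QGate' compare equal."""
    def strip(s):
        return re.sub(r"[^a-z0-9]", "", s.lower())
    return strip(a) == strip(b)


def jaccard(a, b):
    """Order-independent overlap of two token lists (sequence variation)."""
    sa, sb = set(a), set(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0


def given_names_match(a, b):
    """Nickname table first, then phonetics; gender variants never merge."""
    a, b = a.lower(), b.lower()
    if frozenset((a, b)) in GENDER_VARIANTS:
        return False
    ca, cb = CANONICAL.get(a, a), CANONICAL.get(b, b)
    return ca == cb or soundex(ca) == soundex(cb)


def score(r1, r2):
    """Similarity in [0, 1]: name carries half the weight, org and address a quarter each."""
    first1, *rest1 = r1["name"].split()
    first2, *rest2 = r2["name"].split()
    surname1, surname2 = (rest1 or [""])[-1], (rest2 or [""])[-1]
    name_ok = given_names_match(first1, first2) and soundex(surname1) == soundex(surname2)
    org = 1.0 if segments_equal(r1["org"], r2["org"]) else \
        jaccard(tokens(r1["org"]), tokens(r2["org"]))
    addr = jaccard(tokens(r1["address"]), tokens(r2["address"]))
    return 0.5 * name_ok + 0.25 * org + 0.25 * addr


def find_duplicate_candidates(records, threshold=0.8):
    """Return (i, j, score) pairs above the threshold, best match first, for human review."""
    pairs = [(i, j, round(score(records[i], records[j]), 3))
             for i, j in combinations(range(len(records)), 2)]
    return sorted([p for p in pairs if p[2] >= threshold], key=lambda p: -p[2])


# Constructed sample records, taken from the three contact cards on the slide.
SAMPLE_CONTACTS = [
    {"name": "Bill Dixon", "org": "1st National Bank of Arizona",
     "address": "123 Flat A, Acacia Avenue, Phoenix, Arizona"},
    {"name": "William Dickson", "org": "First Bank of Arizona",
     "address": "(Flat A) 123 Acacia Avenue, Phoenix, AZ"},
    {"name": "Billy Dicksen", "org": "1st Bank of National Arizona",
     "address": "123 Acacia Avenue (Flat A), Phoenix, Arizona"},
]

if __name__ == "__main__":
    for i, j, s in find_duplicate_candidates(SAMPLE_CONTACTS):
        print(f"{SAMPLE_CONTACTS[i]['name']!r} ~ {SAMPLE_CONTACTS[j]['name']!r}: {s}")
```

Soundex keeps the first letter, so Cheryl/Sheryl from the slide would need a richer phonetic algorithm than this one; the candidate list is meant for the review step, not for automatic merging.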
Paribus Discovery - Identify
A business user can then:
• Review & confirm the matches
• Review & confirm the primary/master record
Paribus Discovery - Resolve
The CRM admin user then:
• Uses the plugin to execute the merge/purge process
Paribus CRM Plugin
Dedicated Paribus for Microsoft Dynamics CRM plugin responsible for the data cleansing (data merging, purging and consolidation) of CRM data.
Paribus Interactive
The user does what they do today: just enter data
As they do, Paribus Interactive searches for potential duplicates and highlights the possibility
The more information is entered, the more the search is refined
Paribus Interactive
Note the results are from multiple entities
To see the results click here
Can navigate direct to the record
Summary
Paribus Discovery IDENTIFIES duplicate data
Within Dynamics 365, able to REMOVE (merge/purge)
Open API to build your own removal process plugin
Export results to feed into an external process
Paribus Interactive for Dynamics 365
A hosted SaaS based service providing fuzzy SEARCH and LOOKUP function.
www.paribuscloud.com
info@paribuscloud.com
Rowland.dexter@qgate.co.uk
Thank you
Speak to a member of the Cobweb team
if you’d like to know more!
Panel Interview
Host – Caroline Wigley (Cobweb),
Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft), Michael Olpin
(Cobweb Finance Director)
GDPR: Your Journey to Compliance
Closing Thoughts
GDPR: Your Journey to Compliance
Process track
Technical track
Define the requirement
Create the plan
Helping You Achieve Compliance
GDPR Webinars
GDPR Workshops
GDPR Healthcheck
GDPR Assessments
Implementation Clinics
Virtual Services
1-day free GDPR health check (worth £1,200)
…
GDPR: Your Journey to Compliance
…the result
Thank you to our presenters
GDPR: Your Journey to Compliance
Thank you
for attending
GDPR: Your Journey to Compliance
Speak to a member of the Cobweb team
if you’d like to know more about GDPR!

GDPR: Your Journey to Compliance

  • 1. Welcome to GDPR: Your Journey to Compliance Thursday 2 November 2017, 14:00-17:15 Microsoft UK, Paddington, London
  • 2. Welcome & Introduction Michael Frisby, Cobweb MD GDPR: Your Journey to Compliance
  • 3. Location Identifying existing personal data held across the business Governance Managing data subject access rights, data storage and use Security Protecting against vulnerabilities and breach Reporting For data requests, breaches, and accountability Achieving GDPR Compliance
  • 4. Process track Technical track ----------Define the requirement Create the plan Helping You Achieve Compliance GDPR Webinars GDPR Workshops GDPR Healthcheck GDPR Assessments Implementation Clinics Virtual Services
  • 5. GDPR: Your Journey to Compliance Agenda 13:45-14:00 REGISTRATION 14:00-14:15 Welcome & Introduction Michael Frisby, Cobweb MD 14:15-14:45 Introduction to GDPR Sean Huggett, Cybercrowd, CEO & Consultant 14:45-15:00 DocuSign and GDPR Jacqueline de Gernier, AVP Commercial Sales 15:00-15:30 Microsoft and GDPR Jonathan Burnett and Samantha Garrett, Partner Technology Strategists 15:30-15:45 TEA AND PASTRIES 15:45-16:00 TermSet and GDPR Stewart Connors, Head of Customer & Partner Success 16:00-16:15 Acronis and GDPR Ronan McCurtin, Senior Sales Director Northern Europe 16:15-16:30 Mimecast and GDPR David Tweedale, Team Leader 16:30-16:45 QGate and GDPR Rowland Dexter, Managing Director 16:45-17:15 Panel Interview Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft), Michael Olpin (Cobweb) Cobweb GDPR Support Package GDPR Health Check ‘Raffle’ Closing Thoughts
  • 6. Introduction to GDPR Sean Huggett, Cybercrowd, CEO and Consultant GDPR: Your Journey to Compliance
  • 7. • Came in to force on 24th May 2016 – enforceable from 25th May 2018 • EU Regulation – has direct effect – no local legislation required • Replaces the Data Protection Act 1998 - transposed into law from Data Protection Directive 1995 • Aims to support the digital single market and give data subjects control over their personal data • Wide scope & coverage • Guidance on interpretation and compliance still being developed • UK Government has confirmed applicability in UK notwithstanding Brexit Introduction to GDPR
  • 8. Key Definitions
    Data Controller: “the natural or legal person… which … determines the purpose and means of the processing of personal data”
    Data Processor: “a natural or legal person… which processes personal data on behalf of the controller”
    Data Subject: “an identified or identifiable natural person”
    Personal Data: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data….”
    Processing: “any operation or set of operations which is performed on personal data or on sets of personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage…”
  • 9. Six Data Protection Principles & Accountability
    • Six data protection principles – overview of your most important duties in complying with GDPR
    • Introduces ‘accountability principle’ – Data Controllers responsible for being able to demonstrate compliance with the six principles
    Personal Data shall be:
    1. processed lawfully, fairly and transparently
    2. collected for specified, explicit & legitimate purposes
    3. adequate, relevant & limited to what is necessary for processing
    4. accurate and kept up to date
    5. kept only for as long as is necessary for processing
    6. processed in a manner that ensures its security
    ACCOUNTABILITY
  • 10. Data Subject Rights Rights to: • Information - think about Privacy Notices • Access - think about Subject Access Requests • Object to Processing • Rectification • Erasure – ‘right to be forgotten’ • Restrict Processing • Data Portability
  • 11. Obligations & International Transfers Obligations • Data Protection Officers (DPO) • Data Protection Impact Assessments (DPIA) • Data Protection by Design and by Default • Controller & Processor Records • Security of Processing • Breach Notification • Processor contracts with guarantees that processing will meet the requirements of GDPR International Transfers – Restricted & Regulated – Conditions to be Met • Basis of Adequacy • Appropriate Safeguards • Binding Corporate Rules (BCRs) • International Cooperation Mechanisms: EU-US Privacy Shield
  • 12. Remedies & Liabilities
    Liabilities
    • Administrative Fines – ‘Effective, Proportionate & Dissuasive’
      o Higher of 4% of global turnover or €20m for top tier infringements
      o Higher of 2% of global turnover or €10m for lower tier infringements
    • Warning of likely infringement
    • Reprimand for infringement
    • Others, including: order data breach communication, order limitations on processing, order rectification/restriction/erasure
    Data Subject Remedies
    • Right to judicial remedy where their rights have been infringed as a result of the processing of personal data
    • Right to compensation – data subjects who have suffered material or non-material damage
    • Controller & Processor joint and several liability
    • Collective claims / class-action type litigation possible – higher litigation risks
  • 13. Some Practical Steps 1. Understand Personal Data You Hold: • Data mapping – identify Personal Data held, how it was/is collected, data flows, who has access, where it is stored etc. • Apply the 6 Principles to the Personal Data you hold. • Assess the risks to rights and freedoms of data subjects associated with your processing / the personal data you hold. • Identify transfers to 3rd countries. 2. Review 3rd Party Relationships: • Identify your 3rd party processors. • Review the contracts, bring them into compliance – including cloud service providers.
  • 14. 3. Document Your Processing Activities: • Put the required documentation in place – records of processing activities, records of consent etc. • Document how you comply with GDPR – demonstrate you are consistently applying best practice. 4. Apply Technical and Organisational Measures: • Implement strong information governance measures, including policies and procedures covering: o Data protection o Information security o Breach response and notification • Adopt a ‘Cyber Resilience’ approach covering People, Process & Technology in line with best practice. • Implement an ISMS / PIMS / Compliance Framework – apply best practice and certify where appropriate Some Practical Steps
  • 15. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 16. DocuSign and GDPR GDPR: Your Journey to Compliance Jacqueline de Gernier, AVP Commercial Sales
  • 17. Getting to Grips with the GDPR: How to Fast-Track Your Compliance
  • 19. 14+ Years Innovation Highest level certifications 188 Countries 43 Languages 13 Offices 5 Continents 300k+ corporate customers 200 million total users #1 Analyst rated
  • 20. The DocuSign Difference – Why customers choose DocuSign: Trust; Legal & Compliance; Bank-Grade Security & Encryption; Platform & Scalability; Capabilities & Usability; Mobile; Customer Success Programmes; Experience; Partners & Integrations; Global; #1 Analyst rated; APIs; Choice
  • 21. Financial Services Insurance High Tech Communications /Media Pharmaceutical Real Estate Consumer Everywhere
  • 22. Customer Success
    Use case – Sales: Experience significantly improved. “Steps that previously took days through post now take minutes”
    Use case – Procurement: 50x faster contract signing. “It speeds up the process and makes it more compliant”
    Use case – HR: 10 minutes – fastest contract returned. “DocuSign has revolutionised how we send out HR contracts at E.ON”
  • 23. GDPR - Changes to Consent
  • 24. Demanding requirements for consent Under the GDPR, consent must be: • Freely given • Specific • Informed • Unambiguous "Consent should be given by a clear affirmative act … such as by a written statement, including by electronic means, or an oral statement… Silence, pre-ticked boxes or inactivity should not therefore constitute consent." (Recital 32)
  • 25. Consent will often be required When collecting an individual’s personal information relating to: • Using an individual’s sensitive personal information • Sending an individual e-marketing • Sharing an individual’s personal information with independent third parties
  • 26. Consent must be verifiable Businesses must be able to prove that they obtained the individual's consent, which requires them to maintain consent records that can be checked to verify: 1. that the individual has consented; 2. what they consented to; and 3. when they consented. Individuals "shall have the right to withdraw his or her consent at any time… It shall be as easy to withdraw consent as to give consent." (Art 7(4))
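As an added illustration of the three things a consent record has to be able to show (who consented, to what, and when) and of withdrawal being as easy as giving, here is a small append-only consent ledger in Python. It is an example written for this page, not DocuSign's or Cobweb's code; the subject identifiers, purposes and evidence strings are constructed, and the `affirmative_act` flag stands in for whatever proof of a positive action the capturing system holds (a signed envelope, an unticked box the user ticked).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed example of a consent record store. Events are appended, never edited:
# a withdrawal is a new event, so evidence of the original consent is kept.


@dataclass(frozen=True)
class ConsentEvent:
    subject_id: str   # who consented
    purpose: str      # what they consented to (one specific purpose per event)
    given: bool       # True = consent given, False = consent withdrawn
    at: datetime      # when (timezone-aware)
    evidence: str     # how it was captured, e.g. a form version or signed-document reference


class ConsentLedger:
    def __init__(self) -> None:
        self._events: List[ConsentEvent] = []

    def _append(self, subject_id: str, purpose: str, given: bool,
                at: datetime, evidence: str) -> ConsentEvent:
        if at.tzinfo is None:
            raise ValueError("timestamps must be timezone-aware so 'when' is unambiguous")
        event = ConsentEvent(subject_id, purpose, given, at, evidence)
        self._events.append(event)
        return event

    def give(self, subject_id: str, purpose: str, at: datetime, evidence: str,
             affirmative_act: bool) -> ConsentEvent:
        # Silence, a pre-ticked box or inactivity is not consent: the caller must
        # confirm the subject actively ticked, signed or clicked.
        if not affirmative_act:
            raise ValueError("consent requires a clear affirmative act")
        return self._append(subject_id, purpose, True, at, evidence)

    def withdraw(self, subject_id: str, purpose: str, at: datetime, evidence: str) -> ConsentEvent:
        # Withdrawing must be as easy as giving: one call, no extra conditions.
        return self._append(subject_id, purpose, False, at, evidence)

    def is_consented(self, subject_id: str, purpose: str,
                     as_of: Optional[datetime] = None) -> bool:
        """The latest event for (subject, purpose) at or before as_of decides."""
        as_of = as_of or datetime.now(timezone.utc)
        latest: Optional[ConsentEvent] = None
        for event in self._events:
            if event.subject_id == subject_id and event.purpose == purpose and event.at <= as_of:
                if latest is None or event.at >= latest.at:
                    latest = event
        return latest is not None and latest.given

    def history(self, subject_id: str) -> List[ConsentEvent]:
        """Everything needed to answer a subject access request about consent."""
        return [e for e in self._events if e.subject_id == subject_id]


def run_example() -> dict:
    """Constructed walk-through returning the checks a reviewer would ask for."""
    ledger = ConsentLedger()
    t0 = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)
    ledger.give("subject-001", "e-marketing", t0, "web-form-v7", affirmative_act=True)
    ledger.withdraw("subject-001", "e-marketing", t0 + timedelta(days=30), "unsubscribe-link")
    try:
        ledger.give("subject-002", "e-marketing", t0, "signup-page", affirmative_act=False)
        pre_ticked_rejected = False
    except ValueError:
        pre_ticked_rejected = True
    return {
        "marketing_day_1": ledger.is_consented("subject-001", "e-marketing", t0 + timedelta(days=1)),
        "marketing_day_31": ledger.is_consented("subject-001", "e-marketing", t0 + timedelta(days=31)),
        "profiling_never_given": ledger.is_consented("subject-001", "profiling", t0 + timedelta(days=1)),
        "pre_ticked_rejected": pre_ticked_rejected,
        "events_for_subject_001": len(ledger.history("subject-001")),
    }
```

The point of keeping withdrawals as events rather than deleting the consent row is that the business can still prove consent existed for the period it relied on it, while `is_consented` answers the only question a processing system should ask: is there valid consent for this purpose right now.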
  • 27. Common consent challenges • Marketing / Sales – Personal information for e-marketing purposes • HR – Personal information for a job application or for the provision of employee benefits • Healthcare – Personal information for the purpose of medical studies and clinical trials • Online – Consenting to the use of cookies and similar tracking technologies
  • 28. Re-contracting with Suppliers Businesses must ensure: • Legacy vendors move to new, GDPR-compliant, data protection terms • Future vendors are also signed up to GDPR-compliant terms
  • 29. How DocuSign can be part of a GDPR Consent solution
  • 37. Bespoke reports for GDPR and the data can be extracted
  • 38. Case Study: Filestream
    About: Company: Filestream; Headquarters: Berkshire, UK; Founded: 2003; Industry: Software; Website: www.filestreamsystems.co.uk; Partners: DocuSign; Use Case: Sales
    Executive Overview
    Company’s Top Challenges
    • Manual processes – contracts require manual chasing to fulfill terms and conditions
    • Not GDPR-ready – holding of personal data is not currently compliant with legislation
    • Inadequate security – information sent over email is not as secure as it could be
    Reasons for Choosing DocuSign
    • Security standards – DocuSign meets and exceeds some of the most stringent US, EU, and global security standards
    • Commitment to compliance – DocuSign is actively monitoring regulator guidance and interpretations of key GDPR requirements
    • Digitising process – digital signatures remove need to print and scan paper documents
    The Key Benefits
    • Quicker signing process – turnaround time is now 40 times faster
    • Customer consent – DocuSign’s tools are being utilised to be ready for new legislation coming into force in May 2018
    • Data protection – personal data is protected whenever a third-party comes in contact with it
    “I wouldn’t choose any other partner but DocuSign for ease and security” – Paul Day, Technical Director, Filestream
    Top Benefits Achieved: 45 minutes contract turnaround time; 40x faster – quicker signing experience; GDPR-ready – DocuSign tools being used for compliance
  • 39. Thank you Email: Jacqueline.degernier@docusign.com GDPR Seminar – 9th Nov 5pm – 7pm ETC Venues, Fenchurch Street discover.docusign.co.uk/best-practices-for-gdpr
  • 40. Microsoft and GDPR General Data Protection Regulation Jonathan Burnett, Partner Technology Strategist Samantha Garrett, Partner Technology Strategist GDPR: Your Journey to Compliance
  • 41. What are the key changes to address the GDPR?
    Personal privacy – Individuals have the right to: • Access their personal data • Correct errors in their personal data • Erase their personal data • Object to processing of their personal data • Export personal data
    Controls and notifications – Organizations will need to: • Protect personal data using appropriate security • Notify authorities of personal data breaches • Obtain appropriate consents for processing data • Keep records detailing data processing
    Transparent policies – Organizations are required to: • Provide clear notice of data collection • Outline processing purposes and use cases • Define data retention and deletion policies
    IT and training – Organizations will need to: • Train privacy personnel & employees • Audit and update data policies • Employ a Data Protection Officer (if required) • Create & manage compliant vendor contracts
  • 42. How do I get started? 1. Discover – Identify what personal data you have and where it resides. 2. Manage – Govern how personal data is used and accessed. 3. Protect – Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches. 4. Report – Keep required documentation, manage data requests and breach notifications.
  • 44. Discover (1): Identify what personal data you have and where it resides. Categories: In-scope; Inventory. Example solutions: Microsoft Azure – Azure Data Catalog; Enterprise Mobility + Security (EMS) – Microsoft Cloud App Security; Dynamics 365 – Audit Data & User Activity, Reporting & Analytics; Office & Office 365 – Data Loss Prevention, Advanced Data Governance, Office 365 eDiscovery; SQL Server and Azure SQL Database – SQL Query Language; Windows & Windows Server – Windows Search
  • 45. Manage (2): Categories: Data governance; Data classification. Example solutions: Microsoft Azure – Azure Active Directory, Azure Information Protection, Azure Role-Based Access Control (RBAC); Enterprise Mobility + Security (EMS) – Azure Information Protection; Dynamics 365 – Security Concepts; Office & Office 365 – Advanced Data Governance, Journaling (Exchange Online); Windows & Windows Server – Microsoft Data Classification Toolkit
  • 46. Protect (3): Categories: Preventing data attacks; Detecting & responding to breaches. Example solutions: Microsoft Azure – Azure Key Vault, Azure Security Center, Azure Storage Services Encryption; Enterprise Mobility + Security (EMS) – Azure Active Directory Premium, Microsoft Intune; Office & Office 365 – Advanced Threat Protection, Threat Intelligence; SQL Server and Azure SQL Database – Transparent data encryption, Always Encrypted; Windows & Windows Server – Windows Defender Advanced Threat Protection, Windows Hello, Device Guard
  • 47. Report (4): Categories: Record-keeping; Reporting tools. Example solutions: Microsoft Trust Center – Service Trust Portal; Microsoft Azure – Azure Auditing & Logging, Azure Data Lake, Azure Monitor; Enterprise Mobility + Security (EMS) – Azure Information Protection; Dynamics 365 – Reporting & Analytics; Office & Office 365 – Service Assurance, Office 365 Audit Logs, Customer Lockbox; Windows & Windows Server – Windows Defender Advanced Threat Protection
  • 48. GDPR Resources: Microsoft Whitepaper on "Beginning your GDPR Journey"; Microsoft.com/GDPR; servicetrust.microsoft.com; aka.ms/GDPRblogpost
  • 49. Risk Mitigation Suggestions: 1. Data Breach Management 2. Data Encryption 3. Phishing Protection 4. 2 Factor Authentication 5. Cloud Application Security 6. Mobile Security
  • 51. 15:30-15:45 Tea & Pastries GDPR: Your Journey to Compliance
  • 52. TermSet and GDPR Stewart Connors, Head of Customer & Partner Success GDPR: Your Journey to Compliance
  • 53. GDPR Automate the process for discovering Personal Identifiable Information (PII)
  • 54. The Challenge
    External
    • GDPR will require all EU organisations to focus on discovering PII on behalf of customers & former employees
    • “Subject Access Request” is not new and will continue
    • “Right to be Forgotten” is new & will force organisations to collect all the digital information they hold
    Internal
    • Organisations’ information is held in multiple IT systems
    • Also in non-approved IT systems (shadow IT/BYOD)
    • Information is typically held in documents that are structured and unstructured
    • Discovering PII is currently a manual process
    • This costs organisations time and money
    • “Subject Access Request”
    Ongoing breaches & fines
    • 49% of organisations had a document breach in the past 2 years*
    • 73% of employees are accidentally exposing information stored within documents*
    • 63% of organisations claim they are unable to locate sensitive data stored in documents*
    *Information taken from the Ponemon Institute Research report May 2017.
  • 55. The Solution: ScanR – Identify and retrieve GDPR Personal Identifiable Information within documents stored in multiple systems. Discover PII in Office docs, PDF, OCR on the fly. Multiple systems. Generate reports.
  • 57. Connect to SharePoint, a File Share or other systems Documents where we wish to determine if they contain sensitive data
  • 58. Choose the types of information you would like to discover • Over 100 pre-defined rules or you can make your own • Artificial Intelligence for Pattern Matching
  • 59. Documents Marked in place or reports produced
  • 60. Overview Dashboard: Three data sources read; ~19k documents read with 79% containing PII data; breakdown of what PII data is contained where; locations of the sensitive data; which systems contain the most sensitive data
  • 61. Query engine: Search for information across your data sources; immediately see the records that match; understand the types of data that contain the information
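To make the discovery and query steps above concrete, here is an added Python example of rule-based PII detection over documents held in several systems. It is written for this page and is not ScanR's code; the rule set, the document corpus and the system names are constructed, and it works on text that has already been extracted from the files (a real product also parses Office formats, PDFs and OCRs scans). It shows the pieces the slides describe: regex rules for e-mail addresses, UK National Insurance numbers, UK mobile numbers and card numbers (with a Luhn checksum so 13-19 digit reference numbers are not reported as cards), the overview numbers of how many documents contain PII and where, and a lookup that answers "which documents mention this person" for a subject access request.

```python
import re
from collections import Counter

# Constructed rule set (a product ships far more); each rule is a regex, and the
# card rule additionally needs a valid Luhn checksum before a match is reported.
PII_RULES = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "uk_ni_number": re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b"),
    "uk_mobile": re.compile(r"(?<!\d)(?:\+44\s?7\d{3}|07\d{3})\s?\d{3}\s?\d{3}\b"),
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Checksum that separates card numbers from other long runs of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(documents, rules=PII_RULES):
    """documents: {source: {doc_name: text}} -> one finding per match."""
    findings = []
    for source, docs in documents.items():
        for name, text in docs.items():
            for rule, pattern in rules.items():
                for m in pattern.finditer(text):
                    value = m.group(0)
                    if rule == "card_number" and not luhn_ok(re.sub(r"[ -]", "", value)):
                        continue            # a reference number, not a card
                    findings.append({"source": source, "doc": name, "rule": rule, "value": value})
    return findings


def dashboard(documents, findings) -> dict:
    """The overview numbers: documents read, share with PII, breakdown by rule and by source."""
    total = sum(len(docs) for docs in documents.values())
    docs_with_pii = {(f["source"], f["doc"]) for f in findings}
    return {
        "documents_read": total,
        "pct_with_pii": round(100 * len(docs_with_pii) / total) if total else 0,
        "by_rule": dict(Counter(f["rule"] for f in findings)),
        "by_source": dict(Counter(f["source"] for f in findings)),
    }


def query(findings, needle: str):
    """Subject access request helper: which documents hold a value about this person."""
    needle = needle.lower()
    return sorted({(f["source"], f["doc"]) for f in findings if needle in f["value"].lower()})


# Constructed sample corpus spread over two systems; all names and numbers are made up.
SAMPLE_DOCUMENTS = {
    "sharepoint": {
        "hr/offer-letter.docx": (
            "Dear Jane Example, your National Insurance number AB123456C has been "
            "recorded. Confirm by replying to jane.example@example.com."
        ),
        "finance/refund-log.xlsx": (
            "Refund to card 4111 1111 1111 1111 processed; internal ref 1234567890123."
        ),
    },
    "fileshare": {
        "ops/runbook.txt": "Restart the service with systemctl restart app. No customer data here.",
        "support/ticket-4471.eml": "Caller on 07700 900123 asked to be removed from marketing lists.",
    },
}


def run_sample():
    findings = scan(SAMPLE_DOCUMENTS)
    return dashboard(SAMPLE_DOCUMENTS, findings), query(findings, "jane.example")
```

The checksum on the card rule is the kind of precision control that matters at 19k documents: without it every invoice number of the right length becomes a finding, and the percentage on the dashboard becomes noise rather than a risk figure.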
  • 62. Articles Contained in the GDPR: 11 Chapters with 99 Articles (http://www.eugdpr.org/article-summaries.html). ScanR will help you comply with Articles: 5, 15, 16, 17, 18, 20, 24, 30, 32, 35, 42, 44, 45. • Gain an understanding of where the PII data is located • Gain an understanding of who has access to it • Gain an understanding of how long it’s being retained • Retain personal data for a period of time directly related to the original intended purpose • Find risky files and take action • Manage a Subject Access Request • Request a port of the data • Request a correction to the data • Request deletion of the data
  • 63. Summary ScanR • Automate the process for discovering PII • Quickly respond to “Subject Access Request” & “Right to be Forgotten” • Comply with over 10 of the 99 Articles Next Step • Free trial up to 1,000 documents
  • 65. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 66. Acronis and GDPR Ronan McCurtin, Senior Sales Director Northern Europe GDPR: Your Journey to Compliance
  • 67. Where Acronis supports GDPR compliance – Key activities: • Privacy impact assessment • Data access governance • Data breach notification / resolution • Secure storage of active data • Archiving and deleting. Products: Acronis Backup, Acronis Storage, Acronis Backup Cloud, Acronis Disaster Recovery Service
  • 68. Requirements for GDPR-compliant backup and storage (1)
    Requirement | Desirable features | GDPR recitals supported
    Control data storage location | Reporting for compliance | 101: General principles for international data transfers
    Encrypt data securely | Encryption on the device, in transit, and at rest | 78: Appropriate technical and organizational measures; 83: Security of processing
    Browse backups | Drill-down to easily find required data | 63: Right of access; 65: Right of rectification and erasure
    Modify personal data | Easy modification if requested by data subject | 59: Procedures for the exercise of the rights of the data subjects; 63: Right of access; 64: Identity verification; 65: Right of rectification and erasure
    Export data in a common format for easy data portability | ZIP archive for easy portability | 68: Right of data portability
    Recover data quickly | Acronis Instant Restore to deliver 15-second recovery time objectives (RTOs) | 78: Appropriate technical and organizational measures
  • 69. Requirements for GDPR-compliant backup and storage (2)
    Requirement | Desirable features | GDPR recitals supported
    Minimize compulsory data breach reporting | Proactive prevention of malware damage to files; specific protection of the Acronis Backup agent to prevent data breach of backups | 85: Notification obligation of breaches to supervisory authority; 86: Notification of data subjects in the case of data breaches; 87: Promptness of reporting / notification; 88: Format and procedures of the notification
    Blockchain-based data certification | Acronis Notary validation of the authenticity and integrity of backups | 78: Appropriate technical and organizational measures
    Backup retention, deletion | Flexible setting of retention time of data, archival rules, etc.; ability to delete backup at any moment | 66: Right to be forgotten
    Logs availability | Logging of operations with data | 82: Record of processing activities [correct?]
    Role-based access | Multilayered and highly customizable data access rights | 63: Right of access [correct?]
    Risk management control | Very flexible backup and Active Protection | 84: Risk evaluation and impact assessment [correct?]
  • 70. What to look for in GDPR-compliant backup and storage • Data subject control of data storage location • Individual must have final say as to where personal data is stored: on-premises or in a specific EU-based data center • Data encryption • Strong data encryption on-device, in transit and in the cloud • An entirely automated encryption process, with the data subject as the sole holder of the decryption key, meeting GDPR data security requirements
  • 71. What to look for in GDPR-compliant backup and storage • Ability to search data inside backups • Ability to drill down through backups, making it easy to find required information on behalf of data subjects • Ability to modify personal data • Easy way to modify personal data if and when requested by data subjects
  • 72. What to look for in GDPR-compliant backup and storage • Data export in a common format • Ability to export personal data in a common and easily usable format (e.g., ZIP archives) to meet the GDPR data portability requirements • Quick data recovery
  • 73. How Acronis helps your company achieve GDPR compliance • Flexible setting of retention time of data, archival rules, etc. • Extensive logging • Multilayered and highly customizable data access rights
  • 74. How Acronis helps your company achieve GDPR compliance • Active Protection against ransomware • Proactively preventing breaches is easier and more cost-effective than suffering breaches and doing the mandatory incident reporting • Acronis Active Protection™ detects and blocks ransomware attacks and instantly restores any affected data • Blockchain-based data certification • Acronis Notary™ provides immutable proof of the integrity of protected data using Blockchain technology
  • 75. With an economic incentive to it, new Ransomware families appeared fast… Source: F-Secure
  • 76. Ransomware Big Trends Advancing into new operating systems Advancing into new platforms and devices Ransomware-as-a-Service Advanced attack techniques
  • 77. Trend 4: Advanced attack techniques (defensive technique and year → attacker response)
    • 2010 Detection of non-signed files → Malware signed by stolen certificate
    • 2014 Protection for Windows only → Attacks Mac OS X and Linux
    • 2014 Exclude known legitimate system files → Injects into system processes and acts on their behalf
    • 2016 Detection by checking file type/header → Only body of the file is encrypted
    • 2016 Detection of executable files → Uses scripts and non-malicious executables
    • 2016 Detection in running Windows system → Infects before Windows starts
    • 2017 Use of Backup to protect against Ransomware → Attacks & encrypts different backup files (next generation ransomware families targeting backup software)
  • 79. … Data Protection evolves too – Acronis Active Protection 2.0: Learning Infrastructure
    • Acronis Labs: infected and clean process farms provide process behaviour data
    • Acronis Cloud Brain: model training, parameters optimization
    • Acronis Learning Service: updated knowledge base
    • Acronis Customers: Acronis Local Knowledge Base – you are protected even without Internet
  • 80. Complete protection against modern techniques – Acronis Active Protection™ (defensive technique and year → attacker response → Acronis Active Protection counter)
    • 2010 Detection of non-signed files → Malware signed by stolen certificate → Compromised signatures check
    • 2014 Protection for Windows only → Attacks Mac OS X and Linux → Protection for Windows, Mac and Linux
    • 2014 Exclude known legitimate system files → Injects into system processes and acts on their behalf → Checks for injections in system processes (with Machine Learning)
    • 2016 Detection by checking file type/header → Only body of the file is encrypted → Entropy measurement
    • 2016 Detection of executable files → Uses scripts and non-malicious executables → Both executable and script detection
    • 2016 Detection in running Windows system → Infects before Windows starts → Pre-boot anti-ransomware protection
    • 2017 Use of Backup to protect against Ransomware → Attacks & encrypts different backup files
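What "detection by checking file type/header" and "entropy measurement" look like as code, as an added example written for this page (not Acronis Active Protection's implementation): the header check alone is defeated when only the body of a file is encrypted, so the body is measured separately, and a jump in Shannon entropy to ciphertext levels is the signal. The file contents, header list and thresholds are constructed; the guard against flagging data that was already dense (archives, images) is the caveat a practitioner would add, since those are high-entropy by nature and would otherwise be false positives.

```python
import math
import random
from collections import Counter

# Constructed before/after check on a file write; thresholds are illustrative.
KNOWN_HEADERS = {b"%PDF": "pdf", b"\x89PNG\r\n\x1a\n": "png", b"PK\x03\x04": "zip/office"}
HEADER_LEN = 8      # leading bytes some ransomware leaves intact so the file still "looks" valid
HIGH_ENTROPY = 7.0  # bits per byte; encrypted or compressed data sits close to 8.0
MIN_JUMP = 2.0      # a body that was already dense (zip, jpeg) must not trigger on its own


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the observed byte distribution (0.0 for a single repeated value)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def header_type(data: bytes):
    for magic, name in KNOWN_HEADERS.items():
        if data.startswith(magic):
            return name
    return None


def assess_write(before: bytes, after: bytes) -> dict:
    """Flag a write that turned a known file type into ciphertext-looking bytes."""
    reasons = []
    if header_type(before) and header_type(after) != header_type(before):
        reasons.append("file header changed")
    # Measure the body on its own so a preserved header cannot mask the change.
    ent_before = shannon_entropy(before[HEADER_LEN:])
    ent_after = shannon_entropy(after[HEADER_LEN:])
    if ent_after >= HIGH_ENTROPY and ent_after - ent_before >= MIN_JUMP:
        reasons.append("body entropy jumped to ciphertext levels")
    return {"suspicious": bool(reasons), "reasons": reasons,
            "entropy_before": round(ent_before, 2), "entropy_after": round(ent_after, 2)}


def run_samples() -> dict:
    """Constructed pairs: a benign edit, a header-preserving encryption, a full encryption."""
    rng = random.Random(20171102)                       # seeded so the sample is repeatable
    text = b"Invoice 0001: 12 units of widget A at GBP 3.50 each.\n" * 80
    original = b"%PDF-1.4\n" + text
    noise = bytes(rng.randrange(256) for _ in range(len(text)))   # stands in for ciphertext
    return {
        "benign_edit": assess_write(original, original + b"Invoice 0081: 3 units of widget B.\n"),
        "body_only_encrypted": assess_write(original, original[:HEADER_LEN] + noise),
        "fully_encrypted": assess_write(original, noise[:len(original)]),
    }
```

In a real agent this assessment would run per process on the stream of writes it makes, with the rate of suspicious writes, not a single one, deciding when to block the process and roll the touched files back from backup.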
  • 81. Acronis Notary powered by Blockchain – Ensuring that data is authentic and unchanged. “Acronis Notary assures that files are unchanged since they were backed up.” Have confidence of data authenticity: • A public, secure Blockchain ledger verifies the authenticity of files • Backup enables the recovery of the original document • Acronis Notary provides mathematical assurance that the contents of a file perfectly match the original contents that were backed up
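How a notary of this kind can give "mathematical assurance" that a restored file matches what was backed up, as an added Python example written for this page (it is not Acronis Notary's implementation): each backed-up file is hashed, the hashes are combined into a Merkle tree, and the root is the one value that would be published to a public ledger; here it is simply returned. A per-file proof lets anyone holding the root check one restored file without needing the other files. The backup set is constructed, and the leaf/node prefixes are the usual guard against a node hash being passed off as a leaf.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed illustration of hash-based certification of a backup set.
# Leaves and inner nodes get different prefixes so a node hash cannot be replayed as a leaf.
LEAF, NODE = b"\x00", b"\x01"


def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(LEAF + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE + left + right).digest()


def _pad(level: List[bytes]) -> List[bytes]:
    return level + [level[-1]] if len(level) % 2 else level   # duplicate the last hash to pair it


def _next_level(level: List[bytes]) -> List[bytes]:
    level = _pad(level)
    return [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: List[bytes]) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the flag says whether the sibling sits on the left."""
    proof, level, i = [], list(leaves), index
    while len(level) > 1:
        level = _pad(level)
        sibling = i ^ 1
        proof.append((level[sibling], sibling < i))
        level, i = _next_level(level), i // 2
    return proof


def verify(data: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the path from this file's hash to the root and compare with the published root."""
    h = leaf_hash(data)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


def certify(files: Dict[str, bytes]):
    """One backup run: the root to publish plus a certificate (proof) per file."""
    names = sorted(files)
    leaves = [leaf_hash(files[n]) for n in names]
    root = merkle_root(leaves)
    return root, {n: merkle_proof(leaves, i) for i, n in enumerate(names)}


def run_sample():
    files = {  # constructed backup set
        "contracts/acme.pdf": b"%PDF-1.4 ... signed agreement ...",
        "hr/payroll.xlsx": b"PK\x03\x04 ... payroll ...",
        "notes.txt": b"meeting notes 2 Nov 2017",
    }
    root, certs = certify(files)
    restored_ok = verify(files["hr/payroll.xlsx"], certs["hr/payroll.xlsx"], root)
    tampered_ok = verify(files["hr/payroll.xlsx"] + b" salary +10%", certs["hr/payroll.xlsx"], root)
    return root.hex(), restored_ok, tampered_ok
```

The ledger is what stops the backup operator from quietly re-certifying an altered set: once the root is public and timestamped, any later change to a file changes the root, and the old proof no longer verifies.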
  • 82. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 83. Mimecast and GDPR Data Protection and Data Management David Tweedale – Team Leader GDPR: Your Journey to Compliance
  • 84. Data Protection – Securing personal and sensitive information. Data Protection: Anti Malware; Data Leak Prevention; Encryption; Breach Notifications. Data Management. © 2017 Mimecast.com All rights reserved.
  • 85. Breach scenario: Access gained via spear-phishing attack on a sub-contractor → spear-phished credentials used to exploit point-of-sale systems → used as stepping stone onto victim’s network → compromised point-of-sale systems → customer data stolen, including credit card details → large GDPR fine and costs to investigate and remediate
  • 86. Anti Malware – Technology capabilities: Data protection. Malware can have a devastating impact on organizations, contributing to significant GDPR fines related to data loss. Type of attacks: • Weaponised attachments • Malicious URLs • Malware-less attacks • Ransomware • Phishing • Insiders. Key Strategies: • Multi Layered Approach • User Awareness • Advanced Threat Protection • Logging and monitoring of internal user activities • Protected, plan B email route and access
  • 87. Data leak scenario: Disgruntled employee wants to leave and cause damage to the business → employee emails copy of client database to personal mail account → data collected by the company is now compromised; customer sensitive data leaked → GDPR fine imposed
  • 88. Data Leak Prevention (DLP) – Technology capabilities: Data protection. Data Loss Protection (DLP) tools prevent inadvertent data breaches by blocking emails containing personal data. How is data leaving the organization? • Internal department leakage • Email attachments • Shadow IT. Key Strategies: • Internal communications DLP • Outbound mail inspection • Corporate data sharing • Secure messaging channel
  • 89. Encryption – Technology capabilities: Data protection. Encryption of data in systems and applications reduces the potential impacts of a data breach. Where is data encrypted? • Data stored in applications • Laptops/Mobile Devices? • Email archives. Key Strategies: • Secure storage of data • Secure transfer of data • Secure data in transit • Limit data on portable devices
  • 90. Breach Notifications – Technology capabilities: Data protection. Organizations have 72 hours to notify relevant authorities once a data breach is discovered. Key information required? • Analysis of breach • Mitigate negative consequences • Alert data protection officer. Key Strategies: • Gather data from Security Incident and Event Monitoring (SIEM) system • Identify location of data breach • Identify if personal data was leaked • Mitigate negative effects
  • 91. Data Management – Supporting access rights of individuals. Data Protection: Anti Malware; Data Leak Prevention; Encryption; Breach Notifications. Data Management: Search and Discovery; Secure Repository; Chain of Custody; Access Control
  • 92. GDPR – Subject Access Request and Data Portability: Data Subject requests access to data stored on them → IT Administrator searches across data repositories → results validated/reviewed → secure transmission of data to data subject
  • 93. Subject Access Requests (SAR) – Technology capabilities: Data management. Individuals have the right to obtain confirmation that their personal data is being processed. What is the impact? • Requests need to be handled quickly • Accurate personal data and additional information • Availability in electronic format. Key Strategies: • Locate requested personal information quickly • Prepared response templates • Employee training to handle SARs • Self-service portal for SARs
  • 94. Data Portability – Technology capabilities: Data management. Individuals have the right to request an export of their data in a format that can be given to another vendor or service. What is the impact? • Exports need to be timely • Useable format • Safe delivery of that export? Key Strategies: • Data must be structured, searchable • Exports to common formats • Ensure the safe delivery of exported data • Subject review and confirm data required
  • 95. GDPR – Right To Be Forgotten: Data Subject requests all personal data to be erased → IT Administrator searches across data repositories (time consuming) → confirmation given that data is erased
  • 96. Right To Be Forgotten – Technology capabilities: Data management. Individuals have the right to request erasure of their personal data held by a data controller (subject to conditions). What is the impact? • Complete erasure • Across all systems • Unless overriding policy is in place. Key Strategies: • Data must be structured, searchable • Dynamic data adjustments • Retention management • Auditable deletion • Ability to review prior to deletion
  • 97. Mimecast Solution – Simplifying GDPR Compliance for Email. Data Management: Search and Discovery; Secure Repository; Chain of Custody; Access Control. Data Protection: Anti Malware; Data Leak Prevention; Encryption; Incident Management. Products: Secure Messaging; Advanced Threat Security; Mimecast Cloud Archive; DLP & Content Security; API; RBAC & Data Guardian; Large File Send; Mailbox Continuity; Archive Power Tools; Search and Review; Mime | OS
  • 98. Email Cyber Resilience for GDPR – PREVENT: You need technology that provides the best possible multi-layered protection. MANAGE: You need to control, protect, find and access data effectively. MAINTAIN: You need to sustain compliance support at all times.
  • 99. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 100. QGate and GDPR Paribus Discovery - One Small Step… Rowland Dexter, Managing Director GDPR: Your Journey to Compliance
  • 101. Who are QGate • A Dynamics 365 implementation partner (UK HQ), est. 1997 • Working with Dynamics CRM since V4 (2007) • ISV solutions are a key part of our company strategy • Partner friendly established reseller program
  • 102. The Problem – Duplicate Data • A primary element of poor data quality • However, in regards to GDPR specifically: how do you manage personal data when you have multiple instances of the same person? e.g. Rob Dixon; Bob Dickson; Robert Dicksen; Dixon R • A recent QGate audit showed an average of 7.2% duplication in CRM
  • 103. The Solution Paribus Discovery A batch tool which IDENTIFIES duplicate data within any SQL based data source
  • 104. The Paribus Match Engine
    Phonetic Data Matching • Foto Centre, Photo Center • Kris Dixon, Chris Dickson, Criss Dicksen • Cheryl Wiatt, Sheryl Wyiatt, Sherril Wyatt
    Synonyms & Abbreviations & Acronym Matching • Robert, Bob, Bobbie, Rob, Robbie, Roberto • William, Will, Willy, Bill, Billy • Richard, Rich, Ric, Dick, Ricky • International Business Machines, IBM, I.B.M
    Data Sequence Variation • Florida University, University of Florida • Arizona 1st National Bank, First National Bank of Arizona • 123 (Flat A) Acacia Avenue, Flat A – 123 Acacia Avenue
    Data Segmentation • QGate Software, Q Gate Software, Q-Gate Software • GuideMark, Guide Mark, Guide-Mark • 3Com, 3 Com, 3-Com
    Gender Analysis • Paul v Paula • Daniel v Danielle • Jo v Joe • Andy v Andie
  • 105. The Paribus Match Engine – three CRM Contact records for the same person:
    CRM Contact 1: Bill Dixon; Marketing Manager; 1st National Bank of Arizona; 123 Flat A Acacia Avenue, Phoenix, Arizona
    CRM Contact 2: William Dickson; Manager of Marketing; First Bank of Arizona; (Flat A) 123 Acacia Avenue, Phoenix, AZ
    CRM Contact 3: Billy Dicksen; Marketing Director; 1st Bank of National Arizona; 123 Acacia Avenue (Flat A), Phoenix, Arizona
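The five matching categories on the engine slide, and the three-contact example above, can be demonstrated with a small matcher; the following Python is an added example written for this page and is not Paribus's engine. Phonetic matching is done with Soundex after a few leading-sound rewrites (plain Soundex keeps the first letter verbatim, so Kris/Chris and Cheryl/Sheryl would never meet); synonyms, abbreviations and acronyms come from a lookup table; sequence variation is handled by comparing token sets rather than sequences and dropping connecting words; segmentation by comparing the letters with spaces and punctuation removed; gender analysis by a table that vetoes a match. The synonym and gender tables are tiny constructed ones, the 0.7 threshold and the Jaccard score are choices made for this example, and the contact records are the ones on the slide.

```python
import re
from itertools import combinations

# Constructed lookup tables; a production match engine ships far larger ones.
SYNONYMS = {
    "bob": "robert", "bobbie": "robert", "rob": "robert", "robbie": "robert", "roberto": "robert",
    "bill": "william", "billy": "william", "will": "william", "willy": "william",
    "rich": "richard", "ric": "richard", "dick": "richard", "ricky": "richard",
    "1st": "first", "az": "arizona", "ibm": "international business machines",
}
STOP_WORDS = {"of", "the", "and"}
GENDER = {"paul": "m", "paula": "f", "daniel": "m", "danielle": "f",
          "jo": "f", "joe": "m", "andy": "m", "andie": "f"}
# Leading-sound rewrites applied before Soundex; order matters ("chr" before "ch").
INITIAL_SOUNDS = [("chr", "kr"), ("cr", "kr"), ("ch", "sh"), ("ph", "f"), ("kn", "n")]
SOUNDEX_CODES = str.maketrans("bfpvcgjkqsxzdtlmnr", "111122222222334556")


def soundex(word: str) -> str:
    """Classic Soundex (letter + 3 digits) with the leading-sound rewrites above."""
    word = word.lower()
    if not word.isalpha():
        return word                       # house numbers, flat letters: compare literally
    for old, new in INITIAL_SOUNDS:
        if word.startswith(old):
            word = new + word[len(old):]
            break
    coded = word.translate(SOUNDEX_CODES)
    digits, prev = [], coded[0]
    for ch in coded[1:]:
        if ch in "hw":
            continue                      # h and w neither code nor separate equal codes
        if ch.isdigit() and ch != prev:
            digits.append(ch)
        prev = ch                         # a vowel resets, so equal codes across a vowel both count
    return (word[0].upper() + "".join(digits) + "000")[:4]


def tokens(text: str):
    text = re.sub(r"(?:[a-z]\.){2,}[a-z]?", lambda m: m.group(0).replace(".", ""), text.lower())
    out = []
    for w in re.findall(r"[a-z0-9]+", text):
        for t in SYNONYMS.get(w, w).split():      # an expansion may be several words
            if t not in STOP_WORDS:
                out.append(t)
    return out


def phonetic_key(text: str) -> frozenset:
    return frozenset(soundex(t) for t in tokens(text))   # a set, so word order is irrelevant


def compact_key(text: str) -> str:
    return re.sub(r"[^a-z0-9]", "", text.lower())        # "Q-Gate" == "Q Gate" == "QGate"


def gender_conflict(a: str, b: str) -> bool:
    ga = {GENDER[t] for t in tokens(a) if t in GENDER}
    gb = {GENDER[t] for t in tokens(b) if t in GENDER}
    return bool(ga and gb) and ga != gb


def similarity(a: str, b: str) -> float:
    """1.0 = same entity under the rules above; otherwise Jaccard overlap of phonetic tokens."""
    if gender_conflict(a, b):
        return 0.0
    if compact_key(a) == compact_key(b):
        return 1.0
    ka, kb = phonetic_key(a), phonetic_key(b)
    return len(ka & kb) / len(ka | kb) if ka and kb else 0.0


def find_duplicates(records, threshold: float = 0.7):
    """Pairs of record indices whose name, company and address all score at least threshold."""
    pairs = []
    for (i, a), (j, b) in combinations(enumerate(records), 2):
        scores = {f: similarity(a[f], b[f]) for f in ("name", "company", "address")}
        if min(scores.values()) >= threshold:
            pairs.append((i, j, scores))
    return pairs


# The three CRM contacts from the slide
SAMPLE_CONTACTS = [
    {"name": "Bill Dixon", "company": "1st National Bank of Arizona",
     "address": "123 Flat A Acacia Avenue Phoenix Arizona"},
    {"name": "William Dickson", "company": "First Bank of Arizona",
     "address": "(Flat A) 123 Acacia Avenue Phoenix AZ"},
    {"name": "Billy Dicksen", "company": "1st Bank of National Arizona",
     "address": "123 Acacia Avenue (Flat A) Phoenix Arizona"},
]
```

Run on the sample, all three pairs clear the threshold: names and addresses score 1.0, and the company field scores 0.75 where "National" is missing from one record. That partial score is why a tool of this kind presents candidates for a person to confirm rather than merging on its own, which matters here because a wrong merge attaches one data subject's records to another.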
  • 106. Paribus Discovery - Identify A business user can then: • Review & confirm the matches • Review & confirm the primary/master record
  • 107. Paribus Discovery - Resolve The CRM admin user then: • Uses the plugin to execute the merge/purge process Dedicated Paribus for Microsoft Dynamics CRM plugin responsible for the data cleansing (data merging, purging and consolidation) of CRM data. Paribus CRM Plugin
  • 108.
  • 109. Paribus Interactive The user does what they do today, just enter data As they do, Paribus Interactive searches for potential duplicates and highlights the possibility The more information entered the search is refined
  • 110. Paribus Interactive Note the results are from multiple entities To see the results click here Can navigate direct to the record
  • 111. Summary – Paribus Discovery IDENTIFIES duplicate data; within Dynamics 365 able to REMOVE (merge/purge); Open API to build your own removal process; Plugin; Export results to feed into an external process. Paribus Interactive for Dynamics 365: a hosted SaaS based service providing fuzzy SEARCH and LOOKUP function. www.paribuscloud.com info@paribuscloud.com Rowland.dexter@qgate.co.uk
  • 112. Thank you Speak to a member of the Cobweb team if you’d like to know more!
  • 113. Panel Interview Host – Caroline Wigley (Cobweb), Sean Huggett (Cybercrowd), Jonathan Burnett (Microsoft), Michael Olpin (Cobweb Finance Director) GDPR: Your Journey to Compliance
  • 114. Closing Thoughts GDPR: Your Journey to Compliance
  • 115. Process track Technical track ----------Define the requirement Create the plan Helping You Achieve Compliance GDPR Webinars GDPR Workshops GDPR Healthcheck GDPR Assessments Implementation Clinics Virtual Services
  • 116. 1-day free GDPR health check (worth £1,200) … GDPR: Your Journey to Compliance …the result
  • 117. Thank you to our presenters GDPR: Your Journey to Compliance
  • 118. Thank you for attending GDPR: Your Journey to Compliance Speak to a member of the Cobweb team if you’d like to know more about GDPR!