understanding my data and getting value from it...understanding my data and getting value from it...
Post on 18-Jun-2020
3 Views
Preview:
TRANSCRIPT
© 2017 IBM UK & Ireland
Understanding my data and
getting value from itCreating Value With GDPR: Practical Steps
20th February 2017
Gregory CampbellGovernance, Regulatory and Legal Consultant, IBM Analyticsgcampbell@uk.ibm.com
Sol BarronInformation Governance Specialist, IBM Analyticssol.barron@uk.ibm.com
Simon KnezevicGDPR Lead – Distribution Sector, IBM GBSsimon.knezevic@uk.ibm.com
© 2017 IBM UK & Ireland 2
Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European
Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to
the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions
the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities
described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal,
accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with
any law or regulation.
References to GDPR are references to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Notice
© 2017 IBM UK & Ireland 3
Understanding My Data – Data Mapping and Data Discovery
© 2017 IBM UK & Ireland 4
Understanding My Data – Data Mapping and Data Discovery
ORGANISATIONAL and TECHNICAL MEASURES
© 2017 IBM UK & Ireland 5
Understanding My Data – Data Mapping and Data Discovery
PROACTIVE vs REACTIVE
© 2017 IBM UK & Ireland 6
Understanding My Data – Data Mapping and Data Discovery
PROACTIVE vs REACTIVE
© 2017 IBM UK & Ireland 7
Understanding My Data – Data Mapping and Data Discovery
PROACTIVE and REACTIVE
© 2017 IBM UK & Ireland 8
Understanding My Data – Data Mapping and Data Discovery
VALUE
© 2017 IBM UK & Ireland 9
Understanding My Data – Data Mapping and Data Discovery
DATA MAPPING
DATA DISCOVERY
VALUE
© 2017 IBM UK & Ireland 10
DATA MAPPING
Understanding My Data – Data Mapping and Data Discovery Basic Concepts
“Top Down” process cataloguing the locations in your
organisation where (personal) data and processes
exist, together with e.g. their usage and purposes
© 2017 IBM UK & Ireland 11
DATA DISCOVERY
Understanding My Data – Data Mapping and Data Discovery Basic Concepts
“Bottom up” process, commonly supported by tools,
to discover and classify the content of data stores
© 2017 IBM UK & Ireland 12
DATA MAPPING
What is Data Mapping? GDPR Context…
Article 30 of Regulation (EU) 2016/679
Recital 82 of Regulation (EU) 2016/679
© 2017 IBM UK & Ireland 13
GD
PR
A
RT
IC
LE
3
0
Re
co
rds
of
Pro
ce
ss
ing
Ac
tivit
ies
who
where
way
controller
processor
written
sme
why
who
where
way
regulator
when
what
why
What is Data Mapping? GDPR Context…
Article 30 of Regulation (EU) 2016/679
© 2017 IBM UK & Ireland 14
What is Data Mapping? The Challenges…
Interpreting, following and actioning Article 30
Building on existing data mapping activities to align with GDPR
Leveraging the application of data mapping beyond Article 30
Continuing obligation, not a one-time process
© 2017 IBM UK & Ireland 15
Methodical and/or targeted review of data stores across the information landscape
Generally a tools based approach to understand contents but can involve manual activity
Discovery and classification of personal data is an implicit and pervasive requirement of the GDPR
What is Data Discovery? How does it relate to and help Data Mapping?
© 2017 IBM UK & Ireland 16
Data Mapping and Data Discovery – GDPR outcomes… and beyond
Support demonstration of records of processing activities to regulators
Enabler towards master data
management (single view of the individual) projects
Foundational steps towards
conforming with the wider GDPR…
… and beyond GDPR...
© 2017 IBM UK & Ireland 17
Understand My Data
Protect, govern and know your data – you can’t protect and govern what you don’t know
Finding Personal Data within the petabytes of information across an enterprise is a technical and organisational challenge
The proliferation of unstructured data makes this even harder
Tools need to be an essential element of your discovery projects
© 2017 IBM UK & Ireland 18
PREPARE
So What Do You Do?
© 2017 IBM UK & Ireland 19
Fast discovery of unstructured data across the enterprise scaling from Terabytes to multiple Petabytes
Where the data is
What the data is
How big the data is
What the data is called
Who created the data
Deep knowledge of the data, many layers of attributes
StoredIQ – Understanding Unstructured Data
© 2017 IBM UK & Ireland 20
StoredIQ – Deeper Analysis
Open each text file, index its content:
Words, Phrases, Names
Patterns
National Insurance numbers,
credit cards, IDs, etc.
Auto-Classification:
Classifies content
based on user-
definable taxonomy
No coding required,
uses Natural Language Processing
Provides additional
overlay/filter analysis capability
© 2017 IBM UK & Ireland 21
Cataloguing and making Data Mapping and Data Discovery results useable
Ease of access, control, maintainability and auditability of this information is necessary to ensure your catalogue remains
accurate
Clipboard and spreadsheet approaches fall short
The regulations applying to
the data
The purpose
Type of data
Ownership and
stewardship
Retention rules
Results of data mapping and data discovery must be documented. It is necessary to understand:
© 2017 IBM UK & Ireland 22
Atlas for Data Mapping
Helps you improve information economics and reduce risk by
enabling defensible disposal of data debris
Primary features include:
A citation database of relevant legislation, regulation and policy
An organizational, multi-jurisdictional retention file plan for all information types with cross-
reference back to the corresponding citation
A catalogue of data sources (processes, data repositories, applications, etc.)
Maps all information types to the data sources which utilize them as well as the business
units and individuals who own the information
The who, why, what, where, when and way in which you handle your (personal) data
© 2017 IBM UK & Ireland 23
Understand My Data – Data Mapping and Data Discovery Approach
© 2017 IBM UK & Ireland 24
Phased Implementation Approach
CrawlStart Small
Start Quickly
WalkExpand
Introduce Tooling
JogGovernance and
Integration
RunContinuing
Accountability
Confirm data mapping and data
discovery focus based business
use of personal data and risk
based priority
Extend focus of data mapping
and discovery beyond initial focus
areas
Implement and refine data
governance process to
incorporate personal data
Full information governance
implemented across enterprise to
ensure data is controlled and
processes in place
Conduct data mapping exercise
and maintain an inventory /
catalogue manually in
spreadsheets or stand alone
tools
Utilise centralised tool based
catalogue with audit control and
accessibility
Integrate discovery and
catalogue tools to ensure
discovery to simplified and
ongoing maintenance of personal
data catalogue
Incorporate master data
management for digital personal
data enabling control and audit
and embed in as part of
information governance
Validation of personal data is
conducted by business, system
owners and administrators and
manually captured
Conduct tool based data
discovery to assess structured
and unstructured data sources for
potential personal data
© 2017 IBM UK & Ireland 25
top related