Tiberiu Covaci
Full stack tech lead, cloud architect in Canary Islands
With host Andrew Brust
Market Strategy Advisor, Io-Tahoe
CEO, Blue Badge Insights
GDPR: How European companies have moved towards compliance
For external use
Speaker bios
Tiberiu Covaci
• Seasoned tech lead in EU markets
• Microsoft Regional Director
• Cloud architect
Andrew Brust
• Covers Big Data and analytics for ZDNet
• Strategy Advisor to Io-Tahoe
• Data-focused tech career started in 1985
Level set: What is GDPR?
GDPR facts and responsibilities
Effective: May 25th 2018
Penalty: €20M/$23.5M or 4% of the company’s total global revenue
Most important change in data privacy regs in 20 years
1. Discover: Discover and understand both metadata and ‘hidden’, undocumented data across the entire enterprise
2. Secure: Data governance, security protocols, encrypting/masking, threat protection, data prevention, policy compliance
3. Dispose: Delete information, identify/consolidate redundant systems, sunset systems
Entities and obligations
• Data Controller
• Data Subject
• Data Processor
• Subprocessors
Officers, authorities and boards
Data Protection Officer
• Employed by Data Controller
• Reports into highest leadership level
• Must report breaches within 72 hours
Data Protection Authorities (DPAs)
• Country-level authority(ies)
• May set data protection regulations over and above GDPR
European Data Protection Board (EDPB)
• EU-level governing authority
• Comprised of DPA heads
• Ensures consistent application of GDPR
How have European companies approached GDPR compliance?
Previous obligations = current readiness
Lax or no previous regulations
Previous regs at national level
Ready for compliance
Ambiguities
Law is general
• Much left to interpretation
• More specificity on non-compliance penalties than compliance requirements
Self-assessment is key
• And assurance from data processors…
• …who may also be self-assessed
Dedication vs. “worry”
Privacy by design?
Cloud vs. on-premises
Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner Cool Vendor
Io-Tahoe named Cool Vendor in Data Management, 2017
Published: 28 April 2017
ID: G00326775
Thank you
This file is private and may contain confidential and proprietary information. If you have received this file in error, please notify us and remove it from your system, and note that you must not copy, distribute or take any action in reliance on it. Any unauthorized use or disclosure of the contents of this file is not permitted and may be unlawful. Io-Tahoe LLC, 111 Broadway, Suite 601, New York, NY 10006. www.io-tahoe.com
Io-Tahoe® is a registered trade mark of Centrica plc. © Io-Tahoe LLC 2018