7 Key GDPR Requirements &
the Role of Data Governance
Jonathan Adams, DATUM
Jonathan Adams
• Director of Research that supports customers in building governance discipline around analytics and regulatory compliance
• Certified CMMI Enterprise Data Management Expert (EDME)
• 20+ years of experience in leading requirements, design and implementation efforts for retailers, financial organizations and federal agencies
Data is Everything – Personal Data is Everywhere
GDPR is … right around the corner
If you are just starting… how do I start?
• What is my risk exposure?
• What do I need to do NOW?!
If you are well on your way … how do you avoid the MV (Minimum Viable) Paradox?
• You do just enough to be compliant and then stop: compliance hell! Doing the right thing, but doing it WRONG!
• Focus on building capabilities that scale and are robust, transparent and defensible: doing the right thing, AND doing it right!
Agenda:
• Quick Overview of GDPR
• Critical first steps – what you need to do NOW
• Ensuring long term stress-free compliance (Audit Resilience)
Defining GDPR
GDPR is a comprehensive set of privacy regulations designed to protect data for individuals within the European Union.
Objective:
• Give individuals control of their personal data
• Regulatory consistency across the EU
Impact:
• Covers personal data collected in the EU regardless of where the data collector is located
• All US-based multinationals doing business with people in Europe will be impacted
• Fines are significant: up to 4% of global revenue
GDPR’s Impact on Companies
Any business (foreign or domestic) engaged with individuals within the EU
The notion of Personal Information (PI) is broadly defined: data that has the potential to identify a person living in Europe falls under the GDPR
GDPR applies “horizontally” across the organization’s business components, and “vertically” at all decision-making levels.
GDPR applies across the complete value chain. Organizations are obligated to verify the compliance of parties with which they do business.
GDPR requirements can be simplified by organizing around four core capability areas:
• People
• Partners
• Regulators
• Organization
Capability diagram (labels as extracted): Organization, People, Partners, Regulators; Communication, Remediation, Certification, Risk Management, Consulting & Reporting, Organizational Alignment, Privacy by Design, Risk Management, Privacy Culture
People: The “owners” of Personal Information
Capabilities (diagram labels): Forget, Quarantine, Package, Fix, Consent, Notification, Access
Obligations:
• Need for greater detail and clarity when collecting data
• Consent must be explicit as to use of data, how it will be processed, and by whom
• Notification of breach is required
Rights – under GDPR individuals have the following rights:
• To be Informed
• To Access
• To Rectify
• To Erasure
• To Restrict Processing
• To Data Portability
• To Object
• Rights related to automated Decision Making and Profiling
Organization: “Data Protection by Design”
Capabilities (diagram labels): Data Management, International Best Practices, Risk Management, Accountability
Obligations:
• Accountability – vertically, horizontally and externally
• Data Protection Officer required for most large companies
• Best practice “Codes of Conduct” mitigate against enforcement action
• Assessment of risk will drive multiple decisions – it needs to be transparent and defensible
• Cross-border data exchanges do not obviate requirements
Partners: A New Risk Dimension
Capabilities (diagram labels): Certification, Risk Management, Processor Compliance
Obligations:
• Transfers of Personal Information between your company and business partners do not transfer the responsibility to ensure it is safeguarded – it is still yours to look after
• Establish a way to ensure your partners are providing GDPR-level security
• Best practice certifications that support third-party audits will streamline the assessment process and mitigate risk
• Due diligence and transparency are key to demonstrating diligence
Regulators: Communication is key
Capabilities (diagram labels): Consultation, Best Practices
Obligations:
• Notification is required in the event of a breach
• “Breach” is broadly defined: destruction, loss, alteration, unauthorized disclosure of, or access to, personal data
• Reporting to regulators within 72 hours when a breach is likely to result in a risk to the rights and freedoms of individuals
• “Prior Consultation” is an expectation
• Privacy Impact Assessment anchors the regulator and risk discussions
• Best Practices will streamline these discussions
What do you need to do NOW?
Get a grip! Catalog your Personal Information
“The first thing you have to know is yourself...” – Adam Smith
1. Identify Data: PI – Collected, Observed, Derived
2. Catalog Data: Foundational to Managing Data
3. Describe Data: Tag to Answer Compliance Requirements
Understand Risk
• Is your Business Model “risky”?
• What is your risk tolerance?
• What does your lawyer say?
Remember – your lawyer interprets the regulation; your governance team builds auditable controls consistent with policy shaped by that interpretation; your executive leadership defines policy.
Build a Risk Model for transparency & defensibility
Confidential and Proprietary. Copyright © 2017. DATUM LLC
Risk model (diagram labels as extracted):
• Vulnerabilities
• GDPR Risk Areas – article references: 17-2, 32-1, 32-2, 33-1, 33-3, 34-1, 34-3, 35-1, 35-7-c,d, 35-11, 49-1-a
• Practices: Mitigation, Risk Governance, Risk Analysis & Metrics
• Risk “to [the] rights and freedoms of natural persons”
• Best Practices: COBIT; CMMI DMM; ISO 27001; NIST 800-61 …
Avoiding the Minimum Viable Paradox
Audit Resilient? Focus on Capabilities
Compliance + Capability = Readiness
Do the Right Thing – Do it Right!
Best Practices Mitigate Risk
Aligning to Recognized Best Practice Frameworks Mitigates Risk
1. Pick a Framework That Works for You
2. Talk the Talk – Walk the Walk
3. Promote within Industry Associations
Operating Model Builds Accountability
Actors & Roles
• Who needs to be engaged in the Data Governance program?
• What are their roles?
Organizational Design
• The ideal design for ‘data’ given organizational competencies
• What makes sense for the organization today?
• What is the vision given business goals?
Functions
• The governance functions and Teams
• What skill sets are required?
• What functions are performed?
• Where do we get those resources?
Methods
• What level of automation should exist to support Actors, Roles and the functions they perform?
Change management is the challenge
Change Management (diagram labels): Operating Model, Organizational Alignment, Mobilizing Cross-Functional Teams, Empowerment (with Rules and Tools), Outcome-focused Metrics, Accountability, Step-Change
In the immortal words of Bill & Ted: Be Agile – it’s a journey!
Steps can be iterative:
• All data does not have to be cataloged day one
• All processes do not have to be known
• Have a Plan
• Focus on Demonstrable Due Diligence
• The solution ecosystem & governance framework that:
  – Supports agile iterative evolution of capabilities
  – Shows early successes
Success
Thank You for Your Time!
• Any questions?
• Visit us at http://www.datumstrategy.com/gdpr-solution for more information
• For the latest news follow us on Twitter at @datumstrategy
Confidential and Proprietary. Copyright © 2018. DATUM LLC

 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 

Enterprise Data World 2018

1. 7 Key GDPR Requirements & the Role of Data Governance
Jonathan Adams, DATUM

2. Jonathan Adams
• Director of Research that supports customers in building governance discipline around analytics and regulatory compliance
• Certified CMMI Enterprise Data Management Expert (EDME)
• 20+ years of experience in leading requirements, design and implementation efforts for retailers, financial organizations and federal agencies

3. Data is Everything – Personal Data is Everywhere

4. GDPR is … right around the corner

5. If you are just starting… How do I start?
• What is my risk exposure?
• What do I need to do NOW?!

6. If you are well on your way … How do you avoid the MV Paradox?
• Doing the right thing, but doing it WRONG: you do just enough to be compliant and then stop; compliance hell!
• Doing the right thing AND doing it right: focus on building capabilities that scale and are robust, transparent and defensible.

7. Agenda:
• Quick overview of GDPR
• Critical first steps – what you need to do NOW
• Ensuring long-term, stress-free compliance (Audit Resilience)

8. Defining GDPR
GDPR is a comprehensive set of privacy regulations designed to protect data for individuals within the European Union.
Objective:
• Give individuals control of their personal data
• Regulatory consistency across the EU
Impact:
• Covers personal data collected in the EU regardless of where the data collector is located
• All US-based multinationals doing business with people in Europe will be impacted
• Fines are significant: up to 4% of global revenue

9. GDPR’s Impact on Companies
• Any business (foreign or domestic) engaged with individuals within the EU
• The notion of Personal Information (PI) is broadly defined: data that has the potential to identify a person living in Europe falls under the GDPR
• GDPR applies “horizontally” across the organization’s business components, and “vertically” at all decision-making levels
• GDPR applies across the complete value chain: organizations are obligated to verify the compliance of parties with which they do business

10. GDPR requirements can be simplified by organizing around four core capability areas
• People
• Partners
• Regulators
• Organization
Supporting capabilities shown in the diagram: Communication, Remediation, Certification, Risk Management, Consulting & Reporting, Organizational Alignment, Privacy by Design; at the centre, a Privacy Culture.

11. People: The “owners” of Personal Information
(Diagram: Forget, Quarantine, Package, Fix, Consent, Notification, Access)
Obligations under GDPR:
• Need for greater detail and clarity when collecting data
• Consent must be explicit as to the use of data, how it will be processed, and by whom
• Notification of breach is required
Rights – individuals have the following rights:
• To be informed
• To access
• To rectify
• To erasure
• To restrict processing
• To data portability
• To object
• Related to automated decision making and profiling

12. Organization: “Data Protection by Design”
(Diagram: Data Management, International Best Practices, Risk Management, Accountability)
Obligations:
• Accountability – vertically, horizontally and externally
• Data Protection Officer required for most large companies
• Best-practice “Codes of Conduct” mitigate against enforcement action
• Assessment of risk will drive multiple decisions – it needs to be transparent and defensible
• Cross-border data exchanges do not obviate requirements

13. Partners: A New Risk Dimension
(Diagram: Certification, Risk Management, Processor Compliance)
Obligations:
• Transfers of Personal Information between your company and business partners do not transfer the responsibility to ensure it is safeguarded – it is still yours to look after
• Establish a way to ensure your partners are providing GDPR-level security
• Best-practice certifications that support third-party audits will streamline the assessment process and mitigate risk
• Due diligence and transparency are key to demonstrating diligence

14. Regulators: Communication is key
(Diagram: Consultation, Best Practices)
Obligations:
• Notification is required in the event of a breach
• “Breach” is broadly defined: destruction, loss, alteration, unauthorized disclosure of, or access to, personal data
• Reporting to regulators within 72 hours when a breach is likely to result in a risk to the rights and freedoms of individuals
• “Prior Consultation” is an expectation
• Privacy Impact Assessment anchors the regulator and risk discussions
• Best Practices will streamline these discussions

15. What do you need to do NOW?

17. Catalog your Personal Information
“The first thing you have to know is yourself...” – Adam Smith
1. Identify Data: PI – Collected, Observed, Derived
2. Catalog Data: Foundational to Managing Data
3. Describe Data: Tag to Answer Compliance Requirements
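As an added example (not from the DATUM deck), a minimal PI catalog in Python that tags each element with its origin, consent status, processors and lineage, then answers the compliance questions raised on the People, Partners and Catalog slides: which PI lacks recorded consent, which transfers go to partners without certification on file, and what an erasure request must reach. Dataset, field and partner names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PIElement:
    """One cataloged personal-information element with its compliance tags."""
    dataset: str
    name: str
    origin: str                 # "collected", "observed" or "derived" (slide 17)
    consent_recorded: bool      # explicit consent captured for this use (slide 11)
    processors: tuple = ()      # partners that receive copies (slide 13)
    derived_from: tuple = ()    # "dataset.name" inputs, for derived elements

    @property
    def ref(self) -> str:
        return f"{self.dataset}.{self.name}"


# Constructed sample catalog; names are illustrative, not a real inventory.
CERTIFIED_PARTNERS = {"payments-processor-eu"}
CATALOG = [
    PIElement("crm", "email", "collected", True, ("mailer-saas",)),
    PIElement("crm", "postal_address", "collected", True),
    PIElement("web", "clickstream", "observed", False, ("analytics-vendor",)),
    PIElement("scoring", "churn_score", "derived", False, (),
              ("web.clickstream", "crm.email")),
    PIElement("orders", "card_last4", "collected", True, ("payments-processor-eu",)),
]


def missing_consent(catalog):
    """PI processed without a recorded explicit consent."""
    return sorted(e.ref for e in catalog if not e.consent_recorded)


def uncertified_sharing(catalog, certified=CERTIFIED_PARTNERS):
    """Transfers to partners whose GDPR-level assurance is not on file."""
    return sorted((e.ref, p) for e in catalog for p in e.processors if p not in certified)


def erasure_scope(catalog, dataset):
    """Everything an erasure request against `dataset` must reach: its own PI,
    elements derived from it (transitively), and processors holding copies."""
    by_ref = {e.ref: e for e in catalog}
    todo = [e.ref for e in catalog if e.dataset == dataset]
    reached = set()
    while todo:
        ref = todo.pop()
        if ref in reached:
            continue
        reached.add(ref)
        todo.extend(e.ref for e in catalog if ref in e.derived_from)
    processors = {p for r in reached for p in by_ref[r].processors}
    return reached, processors
```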
18. Understand Risk
• Is your business model “risky”?
• What is your risk tolerance?
• What does your lawyer say?
Remember – your lawyer interprets the regulation; your governance team builds auditable controls consistent with policy shaped by that interpretation; your executive leadership defines policy.

19. Build a Risk Model for transparency & defensibility
(Diagram: Vulnerabilities; GDPR Risk Areas; Practices; Mitigation; Risk Governance; Risk Analysis & Metrics)
GDPR risk areas, by article and paragraph: 17-2, 32-1, 32-2, 33-1, 33-3, 34-1, 34-3, 35-1, 35-7 c,d, 35-11, 49-1-a
Risk is assessed “to [the] rights and freedoms of natural persons”.
Best Practices: COBIT; CMMI DMM; ISO 27001; NIST 800-61 …
Confidential and Proprietary. Copyright © 2017. DATUM LLC

20. Avoiding the Minimum Viable Paradox

22. Focus on Capabilities
Compliance + Capability = Readiness
Do the Right Thing – Do it Right!

23. Best Practices Mitigate Risk
Aligning to recognized best-practice frameworks mitigates risk.
1. Pick a framework that works for you
2. Talk the talk – walk the walk
3. Promote within industry associations

24. Operating Model Builds Accountability
Dimensions: Actors & Roles; Organizational Design; Methods; Functions
• Who needs to be engaged in the Data Governance program?
• What are their roles?
• The ideal design for ‘data’ given organizational competencies
• What makes sense for the organization today?
• What is the vision given business goals?
• The governance functions and teams
• What skill sets are required?
• What functions are performed?
• Where do we get those resources?
• What level of automation should exist to support actors, roles and the functions they perform?

25. Change management is the challenge
Operating Model; Organizational Alignment; Mobilizing Cross-Functional Teams; Empowerment (with Rules and Tools); Outcome-focused Metrics; Accountability; Step-Change; Change Management

26. In the immortal words of Bill & Ted

27. Be Agile – it’s a journey!
Steps can be iterative:
• All data does not have to be cataloged day one
• All processes do not have to be known
• Have a plan
• Focus on demonstrable due diligence
• Success: the solution ecosystem & governance framework that:
  – Supports agile, iterative evolution of capabilities
  – Shows early successes

28. Thank You for Your Time!
• Any questions?
• Visit us at http://www.datumstrategy.com/gdpr-solution for more information
• For the latest news follow us on Twitter at @datumstrategy
Confidential and Proprietary. Copyright © 2018. DATUM LLC