The document discusses how Neo4j can help organizations comply with and gain strategic advantages from GDPR regulations. It provides an overview of GDPR requirements, including individual rights and key requirements for organizations. It then argues that Neo4j is well-suited for GDPR due to its ability to model, track, and visualize sensitive data moving through systems. The rest of the document demonstrates Neo4j's GDPR solution through a sample dataset and example reports and dashboards that organizations can use to ensure compliance and leverage personal data as a strategic asset.
How to turn GDPR into a Strategic Advantage using Connected Data
1. How to turn GDPR into a strategic advantage using Connected Data
Joe Depeau
Sr. Presales Consultant, UK
23rd April, 2018
@joedepeau
http://linkedin.com/in/joedepeau
2. Agenda
• GDPR Overview
• Why is Neo4j right for GDPR?
• Neo4j Privacy Shield Solution Demo
• Sample Reports
• Q & A
5. GDPR Summary
• GDPR = General Data Protection Regulation
• Adopted by the EU Parliament on 24th May 2016
• Will apply from 25th May 2018
• Applies to both Controllers and Processors
• Applies to organisations operating within the EU, as well as organisations outside the EU that offer goods or services to individuals in the EU.
• Covers a broad definition of personal data
• Defines lawful bases for processing personal data, which include consent and contract
• Defines significant fines for non-compliance
6. Individual Rights Under GDPR
• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object
• Rights regarding automated decision making
7. Key GDPR Requirements
Organizations that embrace the new GDPR regulations and provide the right levels of transparency and traceability for personal information have a big opportunity to win the hearts, minds and business of consumers.
• What data do you have? Is it accurate?
• Where is the data stored?
• How and when did you obtain the data?
• Why do you have the data?
• Who has access to the data?
• Do you have permission to use the data? For what purpose?
• Is the data secure?
• How does the data travel through your systems?
• Does the data ever cross international borders?
8. GDPR: Risk Mitigation vs. Competitive Advantage
• Be a leader and have a solution ready on time: Improve Brand; Reduce Risk
• Leverage connected data to drive analytics for threat detection & business forecasts: Competitive Advantage
• Spend is strategic: Increase ROI; Reduce Risk
• Become a trusted enterprise, delight customers and DPA: Increase CSAT; Become Trusted; Improve Brand
• Strategic solution ensures data governance and solution maintenance: Reduce Risk; Reduce Cost
• Stay on the sidelines to see what others are doing: Increased Risk
• Look to get by with bare minimum solution: Increased Risk
• Spend is sunk investment to just mitigate risk: Low to No ROI; Unknown Risk Mitigation
• Solution results in less than happy subjects, DPO and DPA: Lower CSAT; Minimal Risk Reduction
• Focus on data governance and solution maintenance is low: Increased Risk; Increased Cost
10. GDPR Needs Connected Data & Visualisation
Graph database is the perfect solution to this vast amount of connected data; traditional approaches with an RDBMS or other NoSQL databases just cannot cut it.
12. Neo4j is the Right GDPR Foundation
Neo4j includes powerful tools that enable you to model, track, and visualise the movement of sensitive data through your systems.
13. Neo4j is superior for GDPR
| Task | Traditional Approaches | Modern Neo4j Approach |
| Trace data through enterprise systems | Complex queries with hundreds of join tables | Simple single query traverses all enterprise systems |
| Preserve the integrity of data lineage | Broken data paths and lineage, especially with NoSQL databases | Continuous, unbroken data paths at all times |
| Remain compliant when adding new data and systems | Days to weeks to rewrite schema and queries | Minutes to add new data and connections |
| Time to Deployment | Months to years | Weeks to months |
| Query data as part of GDPR requests | Minutes to hours per query | Milliseconds per query |
| Provide report in response to GDPR requests | Text reports that are not visual and prove very little | Visuals of personal data and the path it follows through your system |
| Bottom Line | Long, ineffective and expensive | Easy, fast, and affordable |
15. About the Demo Dataset
The demo is based on a randomly-generated and curated data set for a fictitious company named Netfilms which includes:
• 1,000,000 Subjects
• 2000 Users
• 8 Systems
• 12 Locations
• 10 Years
• 8,888,109 Data Movements
• 1,129,743 Consents
• 13,834,533 Nodes
• 50,186,819 Relationships
18. Turn Regulations into Opportunities
• Role-based dashboards provide easy navigation and ready analytics for internal and external users.
• Connected data visualizations display personal data maps, data lineage diagrams, and graphical analysis of key indicators.
• Data movement patterns use AI methods to identify how personal data moves throughout your enterprise.
• Threat and pattern detection identifies potential security problems so you can proactively manage risk.
• Consent management enables users to specify how you can use their data and lets managers track user consent.
• Data usage reports highlight access patterns and who looked at which subject’s data, to pinpoint misuse of sensitive information.
• Data archival reports alert you when subject data should be archived to reduce risk.
• Proactive alerts warn managers when unusual patterns emerge or personal data is being used improperly.
• What-if analysis tests the effects of changes in on-boarding new subjects, obtaining their consent, staffing customer service teams, and other tactical initiatives.
28. Links
• European Commission Data Protection site: https://ec.europa.eu/info/law/law-topic/data-protection_en
• The UK Information Commissioner’s Office (ICO) Guide to the GDPR: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
• Full GDPR document: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
• Neo4j GDPR Whitepaper: https://neo4j.com/whitepapers/gdpr-compliance-graph-databases/
• Neo4j Privacy Shield: https://neo4j.com/use-cases/gdpr-compliance/