
GDPR Journey:
Practical steps to compliance & business outcomes

Andrew Joss
Head of Solutions & Data Governance – EMEA-LA

1 © Informatica. Proprietary and Confidential.


Disclaimer

• Compliance with the GDPR will be based on the specific facts of an organization’s business, operations and use of data. This presentation provides a set of discussion points that may be useful in the development of an organization’s GDPR compliance efforts, and is not intended to be legal advice, guidance or recommendations. An organization should consult with its own legal counsel about what obligations they may or may not need to meet.



GDPR Background



What’s all the fuss about?

From 25th May 2018, the new EU General Data Protection Regulation (GDPR) will require all organisations that hold data related to EU data subjects to more effectively manage data on their customers, employees, contacts and any other relevant persons.



GDPR & Why It’s Important
What is it?
• May 2018, the European Union General Data Protection Regulation
(GDPR) comes into full force to enhance protection of personal data
Why is it important?
• Significant impact for organisations and how they manage data with some
potentially very large penalties for violations – 4% of global revenues
• Impacts the storage, processing, access, transfer, and disclosure of an
individual’s data records
Who is affected?
• These protections apply to any organisation (anywhere in the world) that
processes the personal data of EU data subjects



What GDPR is not?
• It’s not just a Security issue
• It’s not just a Legal issue
• It’s not just a Compliance issue
• It’s not just a Risk issue
• It’s not just a Data issue
• It’s ALL of these, and more…



GDPR – the potential for value
Organisations don’t have long to fully develop their approach

• Why?
  • Fines & reputational damage could be significant
  • Drives benefits when approached properly
• To-Be model:
  • Tick-box compliance or
  • Business value add & privacy as a differentiator
• Challenge:
  • Many businesses haven’t done enough preparation and won’t be sufficiently compliant

• What is it? The GDPR is:
  • Possibly, the once in a generation opportunity to transform the way organisations are compelled to manage data
• Benefit:
  • Avoidance of fines & reputational damage
  • Supports digital transformation outcomes
• The opportunity:
  • It’s got budget and Board / Legal support
  • It impacts most organisations



May 2018 isn’t far away, so it’s time to get practical…



Where do you go from here?

With around 7 months to go and a clock that won’t stop ticking… …organisations are looking at solutions to automate processing and cope with data at scale.

As it’s a principles-based regulation, organisations will have different views on what the problem is, so… …look for entry points into your requirements and help your business understand the upside.



Break the data problem down…
… using some simple questions to understand the entry point(s)

• Do you know what data you hold, who has access to it, and for what purpose?
• Do you know where all your in-scope data is?
• Do you know how you will manage consents and data rights?
• Do you know how you will protect your data and ensure it has the appropriate controls?



Informatica for GDPR Compliance Efforts

Capability: Data Governance – Lead Solution: Informatica Axon™
Capability: Sensitive Data Discovery & Risk – Lead Solution: Informatica Secure@Source®
Capability: Consent Mastering & Enacting Rights – Lead Solution: Informatica Master Data Management
Capability: Archiving & Anonymisation – Lead Solutions: Informatica Data Masking & Archiving



Data Governance
• Need: to understand what all the in-scope data is used for,
why and by whom
• Why: so you understand how you’re aligning to the
principles
• Common current approach: questionnaires, interviews and
static documentation development – mostly done manually
• Approach drawback: inaccurate, time & resource
consuming & often out-of-date



Data Governance
• Collaborative Definition of Policies
• Definitions of Processes, Terms etc.
• Approval process within stakeholder group
• Publishing to entire organisation
• Link Policies to implementation artefacts & data

• Solutions for Intelligent Data Governance
• Lead solution: Informatica Axon

• Potential Stakeholders:
  • Chief Data Officer
  • Chief Information Officer
  • Chief Risk/Compliance Officer



Sensitive Data Discovery and Analysis
• Need: to understand where all the in-scope data is
• Why: so you understand the size & shape of the data
problem
• Common current approach: review existing sources and
send questionnaires
• Approach drawback: time & resource consuming,
inaccurate & very often out-of-date



Sensitive Data Discovery & Risk Analysis
• Enterprise-wide data discovery & risk analytics
• In-scope Data discovery
• In-scope Data classification
• Proliferation analysis
• Multi-factor risk scoring

• Solutions for automated Sensitive Data Discovery and Risk scoring
• Lead solution: Informatica Secure@Source

• Potential Stakeholders:
  • Chief Legal Officer
  • Chief Information Security Officer
  • Chief Privacy Officer



Consent Mastering and Enacting Rights

Consent Mastering
• Need: to capture, manage and distribute consent
• Why: so you have captured the lawfulness of processing
• Common current approach: extend preferences capabilities
• Approach drawback: functionally inadequate

Enacting Rights
• Need: to match and link data about each individual data subject
• Why: so you can easily respond to SARs, erasure etc.
• Common current approach: manually match data or basic rules
• Approach drawback: low match rate, false positives / negatives, slow
Consent Mastering and Enacting Rights
• Enterprise-wide Single View of a Data Subject
• Data Subject data discovery
• Multi-Domain (Customer, Employee, etc.)
• Data record matching and linking
• Home for Consent Data Services

• Solutions to associate Consents with Mastered Data Subjects
• Lead solution: Informatica Master Data Management

• Potential Stakeholders:
  • Chief Marketing Officer
  • Chief Data Officer
  • Chief Privacy Officer



Archiving and Anonymisation
• Need: to put protections and controls around identified in-scope data
• Why: so you are demonstrating control over relevant data
• Common current approach: apply masking, deletion and archiving solutions as required
• Approach drawback: lack of targeted implementation; silos of tools and implementations provide no holistic view



Archiving and Anonymisation
• Enterprise-wide Protection and Controls over data
• Data deletion & retention
• Data masking
• Data archiving

• Solutions to automate Controls and the Protection of data
• Lead solution: Informatica Data Masking and Archiving

• Potential Stakeholders:
  • Chief Information Officer
  • Chief Data Officer
  • Chief Legal Officer



Informatica for GDPR Compliance Efforts

DATA GOVERNANCE: AXON
Policy definitions. Role assignments. Approval workflows for tasks and definitions.

SENSITIVE DATA DISCOVERY & ANALYSIS: SECURE@SOURCE
• Discover & classify sensitive data
• Data map and data proliferation
• Heat maps to detect high-risk areas to set up a protection plan
• User access and activity
• Risk monitoring & management

CONSENT MASTERING & ENACTING RIGHTS: MASTER DATA MANAGEMENT
• Single view of the subject
• Store consents and sensitive data
• Provide purpose-based perspectives to the consuming applications
• Enacting rights: access, rectify, objection, portability, right to be forgotten

PURGE DATA WITH ARCHIVING & ANONYMIZATION: DATA MASKING & ARCHIVING
• Persistent and dynamic sensitive data masking, in production and non-production environments
• Archive sensitive data in a secure, easily accessible data store



What business value add is there?

Faster compliance reporting, faster data science, optimised data risk, drives data as an asset

• Faster delivery of customer centricity and digital transformation programmes; data superset for Market purposes
• Faster data discovery for other policies; supports breach prevention initiatives
• Faster and more secure application testing; reduce costs through data minimisation



Reuse GDPR data capabilities as a platform for other requirements

[Diagram: Informatica Intelligent Data Platform – Enterprise Cloud Data Management]
• Data sources: Cloud, Big Data, Traditional, Real time / Streaming
• Solutions: Customer 360, Product 360, Supplier 360, Reference 360, Intelligent Data Lake, Enterprise Information Catalog, Data Governance, Secure@Source
• Products: Data Integration, Big Data Management, Cloud Data Management, Data Quality, Master Data Management, Data Security (Enterprise Unified Metadata Intelligence)
• Intelligent Data Platform: Monitor and Manage, Compute, Connectivity



GDPR Journey:
Practical steps to compliance & business outcomes

Thank you for your time

Any questions?



Detect and Protect:
A Data Security viewpoint on GDPR

Steve Holyer
Data Security Domain Expert
Informatica Data Security Group
sholyer@informatica.com


Escalating Data Risk

• Breaches That Bypass Legacy Security
• Laws and Regulations: New Challenges and Severe Penalties
• Proliferation: Data Growth and Use, Across Cloud, Big Data and Mobile
• Analytics: Create High Value Data Targets and Privacy Concerns



Finding Your In-Scope Data

Steve Holyer
Informatica Data Security Group



Sensitive Data Discovery and Risk Analysis
• Need: to understand where all the in-scope data is and the
RISK associated with it
• Why: so we understand the size & shape of the data
problem
• Common approach: review existing sources and send
questionnaires
• Approach drawback: time & resource consuming,
inaccurate & very often out-of-date



Why Manual Sensitive Data Discovery is not a viable option

Dimensions compared: RISK, TIME, COMPLEXITY, VOLATILITY, SCALE

Manual sensitive data discovery
- Documentation analysis
- Specialist/SME activity
- Difficult to scale

Automated discovery scanning
- Reusable assets
- Initial SME confirmation, then autonomous
- Highly Scalable

• Case study for a PoC at a customer in Europe using Secure@Source
• Started to do discovery manually but stopped because “it took way too long and the results were not trustworthy”
• Installed Secure@Source
• Executed scanning across 2.5 days for 5 Data Sources
  - 6744 Tables / 1118 Sensitive elements found
Getting Started with Discovery & Classification
• Establish a Data Glossary
• Define the Data Landscape
• Acquire Discovery Tooling
• Map which systems contain GDPR Data
• Identify “High Risk” Data Stores
• Map the movement of GDPR Data
• Maintain a “Validation and Certification” view



Continuous Risk Assessment

User Access and Activity: frequency and volume of user activity.
Proliferation: movement of data across departments, data stores and geographies.
Protection: controls to secure and protect data.
Data Volume: number of sensitive data records.
Location: geographic location of sensitive data.
Liability Cost: value of data loss to the organization.
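
The discovery-and-classification steps from the "Getting Started" slide and the six risk factors above can be prototyped together: classify sampled column values against a small glossary, then rank data stores by a weighted multi-factor score. The Python below is an added illustration, not Informatica's code or the Secure@Source scoring model; the glossary patterns, the 0..1 scaling of each factor and the weights are assumptions, and the two data stores are constructed samples.

```python
import re
# Constructed glossary: class name -> value pattern (assumed patterns, not the product's rules)
GLOSSARY = {"email": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
            "phone": re.compile(r"^\+?\d[\d \-]{8,}\d$"),
            "iban": re.compile(r"^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$")}
# Assumed weights for the six factors on the slide (sum to 1); each factor is scaled to 0..1
WEIGHTS = {"user_activity": 0.15, "proliferation": 0.20, "protection": 0.25,
           "volume": 0.15, "location": 0.10, "liability": 0.15}

def classify_column(values):
    """Return the glossary class matched by a majority of the sampled values, else None."""
    best, best_hits = None, 0
    for name, pattern in GLOSSARY.items():
        hits = sum(1 for v in values if pattern.match(v.strip()))
        if hits > best_hits:
            best, best_hits = name, hits
    return best if best_hits * 2 > len(values) else None

def discover(store):
    """Scan one data store ({column: sampled values}); return {column: class} for hits."""
    return {col: cls for col, vals in store["columns"].items()
            if (cls := classify_column(vals))}

def risk_score(store, found):
    """Weighted 0..100 score over the six factors; a store with no in-scope data scores 0."""
    if not found:
        return 0
    factors = {
        "user_activity": min(store["users_per_day"] / 100, 1.0),       # access frequency
        "proliferation": min(store["copies"] / 5, 1.0),                # downstream copies
        "protection": 0.0 if store["masked"] else 1.0,                 # unmasked = exposed
        "volume": min(store["rows"] / 1_000_000, 1.0),                 # sensitive records
        "location": 0.0 if store["region"].startswith("eu") else 1.0,  # data outside the EU
        "liability": min(store["loss_per_record"] * store["rows"] / 1_000_000, 1.0),
    }
    return round(100 * sum(WEIGHTS[k] * v for k, v in factors.items()))

def rank_stores(stores):
    """Return [(name, score, {column: class})] ordered by risk, highest first."""
    scored = [(s["name"], risk_score(s, discover(s)), discover(s)) for s in stores]
    return sorted(scored, key=lambda r: r[1], reverse=True)
STORES = [  # constructed sample inventory: a few sampled values per column
    {"name": "crm_prod", "rows": 2_000_000, "users_per_day": 150, "copies": 4,
     "masked": False, "region": "us-east", "loss_per_record": 0.5,
     "columns": {"email": ["ana@example.com", "bob@example.org", "n/a"],
                 "phone": ["+44 20 7946 0958", "+40 21 555 0100", "unknown"],
                 "ticket_id": ["T-1001", "T-1002", "T-1003"]}},
    {"name": "hr_test", "rows": 5_000, "users_per_day": 3, "copies": 0, "masked": True,
     "region": "eu-west", "loss_per_record": 2.0,
     "columns": {"iban": ["DE89370400440532013000", "GB29NWBK60161331926819"]}},
]
```

Running `rank_stores(STORES)` puts the unmasked, widely accessed, non-EU production CRM first and the masked EU test copy last, which is the prioritisation the "Identify High Risk Data Stores" step is after.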



Acceleration & Automation
• Classification & Discovery of GDPR Data
• Identification of highest risk data stores
• Sensitive Data Proliferation Mapping
• Which business users have access to sensitive data
• User activity on sensitive data
• Policy-based alerting
• Multi-factor risk scoring

• Integrates data security information from 3rd parties:
  • Data stores, owner, classification
  • Protection status
  • User access info (LDAP, IAM) and activity logs (DB, Hadoop, Salesforce, DAM)



Secure@Source Demonstration

Sensitive Data Visibility
• Detect
  • Define Policies and Scan data stores
  • Protection status from Infa masking solutions
  • Ingest protection status from 3rd Party
• Protect
  • Persistent Masking
  • 3rd party integrations: Sentry, Ranger, SFDC Shield
  • Scripting
• Communicate
  • Top Data Stores
  • Top Data Domains

User Activity & Data Movement
• Detect
  • Out-of-the-box discovery from PowerCenter and Microsoft SSIS
  • Ingest proliferation from 3rd Party
  • Ingest user activity from 3rd Party
• Action
  • Alerting on events
  • Orchestrate User management
  • Scripting
• Communicate
  • Top Users
  • Movement of unprotected data
  • Re-prioritization
Anomaly Detection
• Detect
  • Abnormal user behavior through machine learning and artificial intelligence
• Action
  • Alert
  • LDAP integration
  • Scripting
• Communicate
  • Highest risk users
  • Top anomalies
  • Top data store



Detect Sensitive Data Risk

Sources: Databases, Big Data, Cloud, Files

Sensitive Data Visibility: intelligently discover sensitive data risk across the organization
User Access & Data Movement: understand user access to sensitive data and how it moves through the enterprise
Anomaly Detection: continuously identify high risk usage of sensitive data

Orchestration and Automation: Protect – Alert – Communicate



Action GDPR: Webinar Series
• Understand Your Data
• Identify Sensitive Data
• Protect Sensitive Data
• Execute on Data Rights



Helpful starting points for next steps
• Visit our YouTube: Informatica Secure@Source
• GDPR: Previous Webinar
  • Understanding your Data
  • Discovering your sensitive Data
  • Protecting sensitive data and enacting on consent
  • Execute on Data Rights
• Visit our Data Security Web Page
  • https://www.informatica.com/products/data-security
• GDPR Thought Leadership
  • GDPR – The Next Major Data Privacy Challenge
  • GDPR – Where to start?
  • The rise of the GDPR Data Lake
• Contact me: sholyer@informatica.com



Questions?
