
Deloitte Tech Club, 19 February 2019: Exponea



  1. Deloitte Tech Club, 19 February 2019

  2. Exponea

  3. CHALLENGES of EXPERIENCE CLOUD: Our GDPR story

  4. TABLE OF CONTENT: DPO story; Challenges and Patches applied; ASK ANYTHING

  5. EXPONEA DPO INTRODUCTION: We hired experts to overcome uncertainty. Lenka Gondová, internally CISO and appointed as DPO: CISA, CGEIT, CRISC, ISO 27001 LA, ISO 20000-1 LA, ISO 22301 LA, eIDAS LA, CSX-F; an expert on auditing, risk management and governance who supports the local Office for Data Protection in creating the executing law for GDPR certification and DPIA.

  6. Challenge #1

  7. WE ARE IN HYPER-GROWTH MODE: WINNING CLIENTS GLOBALLY (CZ & SK, WORLDWIDE)

  8. Challenge #2

  9. WE ARE SaaS

  10. Challenge #3

  11. Who is Exponea: We've nailed Single Customer View; AI powered; Personalised experiences at scale; Fastest growing SaaS business in Global

  12. EXPONEA. FINANCE ONLINE: #7 Marketing Automation Software Solution of 2017 (https://financesonline.com/top-20-marketing-automation-software-solutions-2017/). SAAS 1000: Exponea is #1 Fastest Growing SaaS Company in Europe (http://saas1000.com/?ref=producthunt). CIO REVIEW: TOP most promising BIG DATA solutions providers (https://bigdata.cioreview.com/vendor/2017/exponea). G2Crowd: #1 High Performer in Marketing Automation Software 2017 (https://www.g2crowd.com/products/exponea/reviews). G2Crowd: #1 Best Relationship, Relationship Index 2018 for Marketing Automation (https://www.g2crowd.com/products/exponea/reviews). Rusty Warner: "Full focus on delivered value is what makes Exponea truly unique."

  13. OMNICHANNEL COMMUNICATION: Exponea combines online and CRM / DWH data to deliver omnichannel communication. [Diagram with panels DATA SOURCES (ON-LINE and OFF-LINE), EXPONEA PLATFORM (Omni-channel Data Management Platform, Advanced Analytics, AI / Machine learning, Automatic Campaign Execution) and COMMUNICATION CHANNELS, linked by INGEST and ACTIONS.]

  14. PERSONALIZED CONTENT Engage your customers with real-time 1:1 personalized omni-channel campaign orchestration, across all touch-points, channels and devices.

  15. EXPONEA Patches Applied

  16. GDPR THINKING IS EMBEDDED IN EXPONEA. Enhanced security: ISO 27001 & ISO 9001 certified last year, ISO 27017 and ISO 27018 in March 2018. GDPR friendly features in Exponea Experience Cloud: not only basic compliance but much more (manage consents, execute rights of data subjects, …). Internal GDPR trainings and testing of knowledge: Fundamentals Certification compulsory for all + expert certifications to help clients to implement all requirements. Exponea GDPR certified March 2018 (unaccredited certification). Privacy by Design: Project access management; PII definition and access management; Events expiration; Much more, see in app Privacy Tutorial and our guides.

  17. INTERNAL TRAINING AND TESTING: Our internal training ends with a compulsory fundamentals certification and a voluntary expert GDPR certification.

  18. Thank you. Questions?

  19. PRIVACY TUTORIAL (bonus slides): Our in-app privacy tutorial gives our users an easy-to-digest crash course in GDPR-related requirements.

  20. HOW EXPONEA HELPS: A section inside our tutorial which guides our users through Exponea's features from the GDPR & privacy point of view.

  21. Note: Consent management will be described in detail later in the presentation.

  22. Three methods are available: Download all customer data; Anonymize customer; Delete customer. Download: Creates a file that will contain all properties and events that were tracked in computer readable format (JSON). Anonymisation: All identifiers and personal information (PII) from customer properties and event attributes are removed.

  23. Highlights of access management: Access management is based on module-based rights, i.e. Analytics & Campaigns. You can select specific data types as PII and then set/revoke permission to see PII per user. Exponea also logs all actions of users.

  24. How do we deal with event expiration: It's possible to map every campaign action (i.e. email, SMS) to a different event type and set expiration separately for those actions.

  25. How does expiration really work: If expiration is set for any event, once per day all events that are older are deleted. The definition of "older" is based on the event timestamp, not the time when the event was tracked. The following actions will be performed: a message to Kafka that events are going to be expired/deleted; delete events from IMF; leave events in MongoDB; leave events in Hadoop/Storage.

  26. CONSENT MANAGEMENT: A deep dive into Exponea's consent management, which will help you to understand which customers consent to the use of their data and in what ways you can use it.

  27. EXPONEA'S CONSENT FRAMEWORK: 1. Any number of consent types. 2. Access via Exponea UI, Data API or Campaigns module. 3. Lifelong history of consent changes and their usage in Campaigns. 4. Possible to enable automatic discarding of users who have no valid consent for such communication type. 5. By default every user is unsubscribed.

  28. PII ANONYMIZATION: How do we present the data within Exponea to users without sufficient rights to see them?

  29. Overview anonymization: PII is anonymized and a user without sufficient access rights can't access it. All other data within rows is visible.

  30. Detail anonymization: As on the overview level, PII data is anonymized, yet all other events are still visible and accessible to the user.

  31. LONDON, UK: Elizabeth House, 39 York Road, London SE1 7NQ, UK, +44 (0) 203 086 8894. MANCHESTER, UK: 1 Spinningfields, Quay Street, Manchester M3 3JE, +44 (0) 203 086 8894. EDINBURGH, UK: 20/6 Fountainhall Road, Edinburgh EH9 2NN, +44 (0) 203 086 8894. PALO ALTO, CA: 456 University Ave, Palo Alto, CA 94301, +1 (650) 440-7297. PRAGUE, CZ: Rohanské nábřeží 687/29, 186 00 Prague, Czechia, +420 601 372 909. BRATISLAVA, SK: Karadžičova 8, 821 09, Bratislava, Slovakia, +421 948 127 332. WARSAW, PL: Postępu 14, 02-676 Warsaw, PL, +48 603 663 766. MOSCOW, RU: 10c1 Kozhevnicheskaya Street, 115114, Moscow, RU, +7 (495) 120 26 53. www.exponea.com

  32. Bonus 2: client's gratitude to Exponea (Missguided): https://www.linkedin.com/feed/update/urn:li:activity:6435030958537265152/

  33. GDPR, IP / IT

  34. Selected legal challenges for technology companies

  35. GDPR: Practical challenges. "On 21 January 2019 the French regulator CNIL, acting under the provisions of the GDPR, fined GOOGLE LLC 50 million euros for a lack of transparency in the processing of personal data, inadequate information provided to data subjects, and shortcomings in obtaining consent to the processing of personal data and to targeted advertising." Topics: DPIA; Identification of the relationship; Cross-border transfers; Legal basis.

  36. GDPR: DPIA. A DPIA is a process aimed at describing the processing of personal data, assessing its necessity and proportionality, and managing the risks to the rights and freedoms of natural persons. A DPIA is a process for achieving and demonstrating compliance. A DPIA is required in particular in the case of: systematic and extensive evaluation of personal aspects of natural persons based on automated processing, including profiling; large-scale processing of special categories of personal data; large-scale systematic monitoring of publicly accessible places. Minimum requirements for a DPIA under the GDPR: a systematic description of the planned processing operations and the purposes of processing; an assessment of the necessity and proportionality of the processing operations in relation to the purpose; an assessment of the risk to the rights and freedoms of data subjects; measures to address the risks and demonstrate compliance with the GDPR.

  37. GDPR: Legal basis. "In practice, companies find it difficult to determine the correct and relevant legal basis for processing personal data, and the legal bases are often duplicated." Consent; Contract; Law; Protection of the vital interests of a natural person; Performance of a task in the public interest or in the exercise of official authority; Legitimate interest.

  38. GDPR: Identification of the relationship. Controller: a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
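
The expiration rule from slides 24 and 25, as an added example that is not Exponea's code: a daily pass that judges age by event timestamp, purges only the store the slide calls IMF, and reports where copies remain. The field names, store keys, topic name, retention periods and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed retention periods in days, one per campaign event type (slide 24).
EXPIRATION_DAYS = {"campaign_email": 30, "campaign_sms": 90}

def is_expired(event, now):
    """'Older' is judged by the event's own timestamp, not by when it was tracked."""
    days = EXPIRATION_DAYS.get(event["type"])
    if days is None:  # no expiration configured for this type: keep the event
        return False
    return event["timestamp"] < now - timedelta(days=days)

def run_daily_expiration(stores, now):
    """One daily pass: announce, then delete from IMF only. Returns (ids, messages)."""
    expired = sorted(eid for eid, ev in stores["imf"].items() if is_expired(ev, now))
    # Stand-in for the Kafka message; the topic name is hypothetical.
    messages = [{"topic": "events-expiring", "event_id": eid} for eid in expired]
    for eid in expired:
        del stores["imf"][eid]
    return expired, messages

def residual_copies(stores, event_ids):
    """Stores in which an expired event is still readable after the pass."""
    return {eid: sorted(n for n, s in stores.items() if eid in s) for eid in event_ids}

def build_sample(now):
    """Constructed events: (id, type, age of timestamp in days, days since tracked)."""
    rows = [
        ("e1", "campaign_email", 45, 45),  # old and tracked long ago
        ("e2", "campaign_email", 10, 10),  # inside the 30-day window
        ("e3", "campaign_email", 40, 1),   # backfilled yesterday with an old timestamp
        ("e4", "campaign_sms", 45, 45),    # inside the 90-day window
        ("e5", "purchase", 400, 400),      # type with no expiration set
    ]
    events = {
        eid: {"type": typ, "timestamp": now - timedelta(days=age),
              "tracked_at": now - timedelta(days=tracked)}
        for eid, typ, age, tracked in rows
    }
    # Each store gets its own dict so deleting from one leaves the others intact.
    return {name: dict(events) for name in ("imf", "mongodb", "hadoop")}

if __name__ == "__main__":
    now = datetime(2019, 2, 19, tzinfo=timezone.utc)
    stores = build_sample(now)
    expired, messages = run_daily_expiration(stores, now)
    print("expired from IMF:", expired)
    print("still stored:", residual_copies(stores, expired))
```

In the sample, e3 is expired on the first pass even though it was tracked a day earlier, and both expired events are still present in the MongoDB and Hadoop copies, so a retention or erasure review has to cover those stores separately.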
