GDPR IN THE DIGITIZED WORLD - CHECKLIST AND STRATEGIES GDPR BREAKFAST EVENT – LONDON OCT’18
ABOUT PRIVACERA GLOBAL PARTNERS BACKED BY
PRIVACERA - ONE PLATFORM TO MANAGE DATA RISKS
CONTROL: ANONYMIZE DATA/RESTRICT ACCESS
DISCOVER: WHAT TYPE OF DATA STORED AND WHERE?
SENSITIVE DATA
DETECT: MALICIOUS OR ACCIDENTAL USE
REPORT: ANALYTICS ON SENSITIVE DATA USE
CURRENT ENTERPRISE LANDSCAPE
ENTERPRISE DATA ON THE RISE
“More companies becoming data companies”
“Give control of data back to individuals”
GDPR VS DATA PRIORITIES
Give control of data to individuals
Leverage data to provide better service
GDPR – Checklist and Strategies
GDPR – CONSIDERATIONS
▸ Personal Data
▸ RTBF and Data Portability
▸ Consent
▸ Data Security
GDPR CHECKLIST
1 Coordinate with Privacy and Security teams
2 Data discovery and classification
3 Address data subject rights
4 Centralize data around consent, purpose
6 Analyze pseudo-anonymization, encryption options
7 Constantly monitor personal data for breaches
WHERE IS PERSONAL DATA? Sensitive data could be hidden within data
CURRENT PARADIGM
QUESTIONNAIRE
ANSWERED BY BUSINESS AND IT TEAMS
DATA COMPILED INTO A DATA MAP
Challenges
• POINT IN TIME, DATA KEEPS CHANGING CONSTANTLY
• ENTERPRISE USERS MAY NOT KNOW ABOUT ALL DATA CHANGES
AUTOMATED DATA DISCOVERY - PRIVACERA
▸ Automatic discovery of personal and other sensitive data
▸ Leverage machine learning and NLP
▸ Easy Dashboard for creating data maps
DATA SUBJECT RIGHTS
PRIVACERA - ADDRESSING DATA SUBJECT RIGHTS
▸ Understanding a system has personal data is enough
▸ Need to know where individual record is stored
▸ Privacera can tie individual customer ids with where the information is stored
▸ Privacera APIs can address requests from individuals for their data
COLLECTING AND STORING CONSENT
▸ Affirmative consent for data processing
▸ Specific to data processing operation
▸ GDPR requires explicit consent for special categories of personal data
▸ Parental consent for processing children’s personal data
▸ Right to withdraw consent
HOW PRIVACERA CAN HELP?
▸ Privacera can enforce controls based on consent
▸ Integrate with customer preferences management systems
▸ Privacera analytics can report back on how personal data is accessed against the consent collected
PSEUDO-ANONYMIZATION
▸ GDPR encourages “pseudonymization” of personal data
▸ Pseudonymization is the separation of data from direct identifiers

            Pseudo/Token   Anonymized value
Jane Doe    tygdhd         XXXXXXX
Mark Guy    sdhuak         XXXXXXX
Joe Doe     asjlchd        XXXXXXX
Jane Doe    tygdhd         XXXXXXX

DATA SECURITY AND DATA BREACH NOTIFICATIONS
▸ GDPR recommends “ensuring the ongoing confidentiality, integrity, availability and resilience”
▸ Availability and access to personal data in a timely manner
▸ Personal data breach to be notified to a supervisory authority “not later than 72 hours after having become aware of it”
HOW PRIVACERA CAN HELP
▸ Static and dynamic anonymization and tokenization capabilities
▸ Behavioral monitoring of use of personal data access
Dynamic Anonymization
Summary
SUMMARY
‣ Collaborate with Privacy and Security teams
‣ Understand how you are collecting and storing personal data
‣ Identify critical applications, databases and implement controls to automatically discover and control personal data
‣ Take a deep breath. It is a journey, not a milestone
QUESTIONS?
GDPR@PRIVACERA.COM WWW.PRIVACERA.COM