SlideShare a Scribd company logo

GDPR: The Catalyst for Customer 360

Download as PPTX, PDF
DataStax
DataStax

Slides from our GDPR Webinar

Technology
1 of 38
5 July 2017 The GDPR: The catalyst for customer 360
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Founder and Executive Chairman, IT Governance Ltd Alan Calder Tim Vincent EMEA Solution Engineer Team Lead DataStax Speakers
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Introduction • Alan Calder • Founder, IT Governance Ltd • The single source for everything to do with IT governance, cyber risk management and IT compliance • IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (Open University textbook) • www.itgovernance.co.uk
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 IT Governance Ltd: GRC One-stop shop All verticals, all sectors, all organisational sizes
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 We will cover: • The GDPR’s impact on businesses • Accountability and governance of data, data storage limitations, breach notifications, data subject rights, and compliance requirements • Unravelling the labyrinthine web of data using DataStax Enterprise Graph to bring legacy systems together and comply with the GDPR, building a 360-degree view of a company’s data subjects • The right to be forgotten and how DataStax Enterprise Graph can help companies comply with the Regulation’s requirements
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 The GDPR’s impact on businesses • Differentiating between controllers and processors – Critical that entities identify, in respect of their processing, whether they are a controller or a processor: – ‘Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. – ‘Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. – Processors may only process data in line with a contract from a controller. • Child’s consent: – A person under 16 years old may not consent to the processing of personal data in respect of an information age service. • Customer service: – Privacy notices will be more intrusive. – Additional services and options can’t assume consent. – Third party processors will have to be clearly identified. – Big data activities may be restricted.
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Material and territorial scope • Natural persons have rights associated with: – The protection of personal data. – The protection of the processing of personal data. – The unrestricted movement of personal data within the EU. • In material scope: – Personal data that is processed wholly or partly by automated means. – Personal data that is part of a filing system, or intended to be. – The Regulation applies to controllers and processors in the EU, irrespective of where processing takes place. Natural person = a living individual The GDPR also applies to controllers not in the EU
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Entry into force and application “This Regulation shall be binding in its entirety and directly applicable in all Member States.” KEY DATES • On 8 April 2016, the European Council adopted the Regulation. • On 14 April 2016, the European Parliament adopted the Regulation • On 4 May 2016, the official text of the Regulation was published in the EU Official Journal in all the official languages. • The Regulation entered into force on 24 May 2016, and will apply from 25 May 2018. • http://ec.europa.eu/justice/data-protection/reform/index_en.htm Final text of the Regulation: http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Remedies and liabilities – Data subjects shall have recourse to judicial remedy where: º In the courts of the Member State where the controller or processor has an establishment. º In the courts of the Member State where the data subject habitually resides. – Any person who has suffered material, or non-material, damage shall have the right to receive compensation from the controller or processor. – The controller involved in processing shall be liable for damage caused by processing. Natural persons have rights
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Penalties – In each case, fines will be effective, proportionate and dissuasive – Fines administrated will take into account technical and organisational measures implemented. – €10,000,000 or, in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year. Administrative fines – €20,000,000 or, in case of an undertaking, up to 4% of the total worldwide annual turnover in the preceding financial year.
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 The Rights of data subjects • “The controller shall take appropriate measures to provide any information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language (Article 11-1).” • The controller shall facilitate the exercise of data subject rights (Article 11-2). – Rights to: º Consent º Access º Rectification º Erasure º Restriction º Objection º Data portability; º Withdraw consent at any time; º Lodge a complaint with a supervisory authority; º Be informed of the existence of automated decision-making, including profiling, as well as the anticipated consequences for the data subject.
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 The principle of accountability and what it means “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 ('accountability').” Article 5 – principles relating to the processing of personal data
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Lawfulness (Art 5 – 6) • Personal data must be secured against accidental loss, destruction or damage • Processing must be lawful – which means, inter alia: – Data subject must give consent for specific purposes – There are specific circumstances where consent is not required º So that the controller can comply with legal obligations, etc. • One month to respond to subject access requests – and no charges • Controllers and processors clearly distinguished – Clearly identified obligations – Controllers responsible for ensuring processors comply with contractual terms for processing information – Processors must operate under a legally binding contract º And note issues around extra-territoriality
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Consent (Art. 7-9) • Consent must be clear and affirmative – Must be able to demonstrate that consent was given – Silence or inactivity does not constitute consent – Written consent must be clear, intelligible and easily accessible, or it is not binding – Consent can be withdrawn any time, and it must be as easy to withdraw consent as to give it • Special conditions apply for a child (under 16) giving consent • Explicit consent must be given for processing sensitive personal data – Race, ethnic origin, political beliefs, etc. – Specific circumstances allow non-consensual processing, e.g. to protect vital interests of the data subject • Secure against accidental loss, destruction or damage (article 5) • Consent must be documented.
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Transparency (Art. 12-17) • Any communications with a data subject must be concise, transparent and intelligible • The controller must be transparent in providing information about itself and the purposes of the processing • The controller must provide the data subject with information about their rights • There are specific provisions (Article 14) covering data not obtained directly from the data subject • Data subjects have rights to access, rectification, erasure (‘right to be forgotten’), to restriction of processing, and data portability
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Privacy by design (Art. 25 et seq. ) • Privacy must now be designed into data processing by default • Data protection impact assessments are mandatory (Article 35) – For technologies and processes that are likely to result in a high risk to rights of data subjects • Documentary evidence is crucial • Data audits – The GDPR applies to existing data, as well as future data – Privacy may have to be designed retrospectively – Organisations need to identify what personal data they hold, where and on what grounds they hold it, and how it is secured in a way that will meet the requirements of the GDPR
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Data breaches under the GDPR A 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Definition • Notify supervisory authority no later than 72 hours after discovery • Must describe the nature of the breach • No requirement to notify if no risk to rights and freedoms of natural persons • Failure to report within 72 hours requires explanation • Notify the data controller of a breach without delay • All data breaches have to be reported (no exemptions) • European Data Protection Board (EDPB) to issue clarification with regard to ‘undue delay Controller obligations Processor obligations
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Data Breaches Obligation for data controller to communicate a personal data breach to data subjects • Communicate with data subjects without undue delay if the breach represents a high risk to data subjects' rights • Communication must be in clear, plain language • Supervisory authority may compel communication with data subject • Appropriate technical and organisational measures were taken • A high risk to the data subjects will not materialise • Communication with data subjects would involve disproportionate effort Exemptions
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Security of Processing – Pseudonymisation and encryption of personal data – Measures to ensure the ongoing confidentiality, integrity and availability of systems – A process for regularly testing, assessing and evaluating the effectiveness of security measures It is a requirement for data controllers and data processors to implement a level of security appropriate to the risk. This includes Security measures taken need to comply with the concept of privacy by design.
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Cyber-security assurance • A GDPR requirement – data controllers must implement “appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing is performed in accordance with this Regulation”. – Must include appropriate data protection policies – Local authorities may use adherence to approved codes of conduct or management system certifications “as an element by which to demonstrate compliance with their obligations” – ICO and BSI are both developing new GDPR-focused standards • ISO 27001 already meets the “appropriate technical and organisational measures” requirement • BS 10012 was developed specifically for the GDPR – It provides assurance to the board that data security is being managed in accordance with the Regulation – It helps manage all information assets and all information security within the organisation – protecting against all threats
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Nine Steps to GDPR compliance in the Local Government STEP 1: Establish governance framework • board awareness • risk register • accountability framework • review STEP 2: Appoint and/or train a DPO/SDPO STEP 3: Data inventory • identify processors • identify unlawfully held data STEP 4: Conduct data flow audit
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 STEP 5: Compliance gap analysis 1. Ensure Privacy Notice and SAR documents and processes are robust and legal 2. Records of processing STEP 6: PIA and security gap analysis STEP 7: Remediate 1. Privacy compliance framework 2. Cyber Essentials/Ten Steps to Cyber Security/ISO 27001 STEP 8: Data breach response process (NB: Test!) STEP 9: Monitor, audit and continually improve NB: steps can be tackled in parallel Nine Steps to GDPR compliance in the Local Government
GDPR: The Catalyst for Customer 360 Tim Vincent EMEA Solution Engineering Manager timothy.vincent@datastax.com
© DataStax, All Rights Reserved.24 Article 20 - How do you present a Data Subject with a view of the data you hold on them? Article 17 - Right to Erasure or Right to be Forgotten, how do you locate all data on a Subject? Do you have a Single View of your Customer?
Data Exists in Silos © DataStax, All Rights Reserved.25 Mortgage Bank Account House Insurance Life Cover
MDM is NOT the Answer 26 MDM • Provides a single source of customer record, a golden record • MDM is not a data integration tool https://tinyurl.com/forrester-mdm • A static customer profile view with structured, limited data However, to achieve GDPR data subject access and right to erasure in the digital era, you need a data platform beyond MDM that: • Integrates MDM and other data sources, including real time customer activity data • Delivers contextual customer view in real-time • Operationalizes customer data for instant insights and actions • Guarantees 100% uptime • Allows global data access Customer Master 3rd party data C360 Reporting Analytics Discovery
Not Only a Single Customer View Now a Customer 360 View 27 Guaranteed global access Real-time customer information and responsiveness Always-on, undisrupted customer experience A contextual, connected, single view of the customer
© DataStax, All Rights Reserved.28 Now you can so so much more Real-Time Personalization View and manage the data access controls for Data Subjects. Drive engagement by guaranteeing crucial feedback, a tailored experience, and instantly actionable insight.
C360 Application Characteristics 29 Real-Time DistributedAlways-OnContextual Scalable
DataStax Enterprise © DataStax, All Rights Reserved.30 Continuously Available Linearly Scalable Geographically Distributed Instantaneously Responsive Integrated Search & Analytics Database for Real time C360
Always-On Data Management for C360 31 CX DATA FRAMEWORK CX Data Platform (DSE) ANALYTICS APIs DATA MODEL DATA QUALITY GOVERNANCE MATCH & RELATE SECURITY & ACCESS Testing MonitorDevelopmentArchitecture C360 Personalization Recommendation Compliance DATA INGEST INDEX & SEARCH Deployment
DSE Graph Data Model Powers Customer 360 • Massively scalable, distributed graph database optimized for storing, traversing and querying complex graph data in real-time • Uses Gremlin graph traversal language • Analytics on graph data supported via Spark • Supports complex text search 32 DSE Graph provides a contextual view of your customers by revealing the complex relationships among your customer data across all touchpoints.
Better Banking Experience with Great Customer Data 33 Mobile Web Mobile Banking Customer Service Internal Data(DB2) External Data Complaints Channel Customer Relationships Transactions Products Interactions Credit Reference Agencies Social MediaPitchbook CACI PSD2 GDPR MULTINATIONAL COMPANY IN FINANCIAL SERVICES CX DATA FRAMEWORK CX Data Platform (DSE) ANALYTICS APIS DATA MODEL DATA QUALITY GOVERNANCE MATCH & RELATE SECURITY & ACCESS Testing MonitorDevelopmentArchitecture C360 Personalization Recommendation Fraud DATA INGEST DATA SYNC Deployment
We are the power behind the moment. © 2017 DataStax, All Rights Reserved. Company Confidential
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Self help materials A Pocket guide www.itgovernance.co.uk/shop/P roduct/eu-gdpr-a-pocket-guide Implementation manual www.itgovernance.co.uk/shop/Pr oduct/eu-general-data-protection- regulation-gdpr-an- implementation-and-compliance- guide Documentation toolkit www.itgovernance.co.uk/shop/P roduct/eu-general-data- protection-regulation-gdpr- documentation-toolkit Compliance gap assessment tool www.itgovernance.co.uk/shop/Pr oduct/eu-gdpr-compliance-gap- assessment-tool
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Training One-Day accredited Foundation course (classroom, online, distance learning) www.itgovernance.co.uk/shop/Product/certified-eu-general-data- protection-regulation-foundation-gdpr-training-course Four-Day accredited Practitioner course (classroom, online, distance learning) www.itgovernance.co.uk/shop/Product/certified-eu-general-data- protection-regulation-practitioner-gdpr-training-course One-Day data protection impact assessment (DPIA) workshop (classroom) www.itgovernance.co.uk/shop/Product/data-protection-impact- assessment-dpia-workshop
TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 GDPR compliance programme support • Gap analysis • Unless you have a team in place, external experienced support can be valuable and independent means of assessing the exact standing of your current legal situation, security practices and operating procedures in relation to the DPA or the GDPR. • Data flow audit • Data mapping involves plotting out all of your data flows, which involves drawing up an extensive inventory of the data to understand where the data flows from, within and to. This type of analysis is a key requirement of the GDPR. • Implementing a personal information management system (PIMS) • Establishing a PIMS as part of your overall business management system will ensure that data protection management is placed within a robust framework, which will be looked upon favourably by the regulator when it comes to DPA compliance. • Implementing an compliant ISMS with ISO 27001 • ISO27001 is an effective foundation in complying with GDPR. It can be daunting, external help can also help establish an ISO 27001 compliant Information Management Security System quickly and without the hassle, no matter where your authority is located. • Cyber health check • A cyber Health Check combined with remote vulnerability assessments can be useful in assessing your cyber risk exposure. www.itgovernance.co.uk/dpa-compliance-consultancy
Questions?

Recommended

Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPRIT Governance Ltd
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
The GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceThe GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceIT Governance Ltd
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRIT Governance Ltd
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRIT Governance Ltd
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017isc2-hellenic
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRIT Governance Ltd
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies Benoît De Nayer
 

Recommended

Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPRIT Governance Ltd
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR OverviewGydeline Ltd
 
The GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceThe GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceIT Governance Ltd
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRIT Governance Ltd
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRIT Governance Ltd
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017isc2-hellenic
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRIT Governance Ltd
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies Benoît De Nayer
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance IT Governance Ltd
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Dione McBride, CISSP, CIPP/E
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for developmentTomppa Järvinen
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR OverviewTrish McGinity, CCSK
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...IT Governance Ltd
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersIT Governance Ltd
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT LegalCyber Watching
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is hereRichard Hogg,Global GDPR Offerings Evangelist
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...IT Governance Ltd
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR DemystifiedSPIN Chennai
 
12 steps to gdpr compliance unleashed
12 steps to gdpr compliance unleashed12 steps to gdpr compliance unleashed
12 steps to gdpr compliance unleashedChris Gilmour
 
Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?IT Governance Ltd
 
Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Stephanie Vasey
 
GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017isc2-hellenic
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney
 
EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer IT Governance Ltd
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for TechiesLilian Edwards
 
Sophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRSophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRHans Demeyer
 
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)Guido Schmutz
 
Extended 360 degree view of customer
Extended 360 degree view of customerExtended 360 degree view of customer
Extended 360 degree view of customerTrisha Dutta
 

More Related Content

What's hot

EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance IT Governance Ltd
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Dione McBride, CISSP, CIPP/E
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for developmentTomppa Järvinen
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...IT Governance Ltd
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersIT Governance Ltd
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT LegalCyber Watching
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...IT Governance Ltd
 
12 steps to gdpr compliance unleashed
12 steps to gdpr compliance unleashed12 steps to gdpr compliance unleashed
12 steps to gdpr compliance unleashedChris Gilmour
 
Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?IT Governance Ltd
 
Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Stephanie Vasey
 
GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017isc2-hellenic
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney
 
EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer IT Governance Ltd
 
Sophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRSophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRHans Demeyer
 

What's hot (20)

EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance 
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud Providers
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
 
12 steps to gdpr compliance unleashed
12 steps to gdpr compliance unleashed12 steps to gdpr compliance unleashed
12 steps to gdpr compliance unleashed
 
Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?
 
Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...
 
GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19
 
EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
 
Sophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRSophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPR
 

Viewers also liked

Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)Guido Schmutz
 
Extended 360 degree view of customer
Extended 360 degree view of customerExtended 360 degree view of customer
Extended 360 degree view of customerTrisha Dutta
 
Gartner Customer 360 Summit 2012
Gartner Customer 360 Summit 2012Gartner Customer 360 Summit 2012
Gartner Customer 360 Summit 2012Vantive Media
 
The role of Big Data and Modern Data Management in Driving a Customer 360 fro...
The role of Big Data and Modern Data Management in Driving a Customer 360 fro...The role of Big Data and Modern Data Management in Driving a Customer 360 fro...
The role of Big Data and Modern Data Management in Driving a Customer 360 fro...Cloudera, Inc.
 
Big_data for marketing and sales
Big_data for marketing and salesBig_data for marketing and sales
Big_data for marketing and salesCMR WORLD TECH
 
B2B CMO forum summary 2014 03 06
B2B CMO forum summary 2014 03 06B2B CMO forum summary 2014 03 06
B2B CMO forum summary 2014 03 06Marketing Clinic
 
A Customer-Centric Banking Platform Powered by MongoDB
A Customer-Centric Banking Platform Powered by MongoDB A Customer-Centric Banking Platform Powered by MongoDB
A Customer-Centric Banking Platform Powered by MongoDB MongoDB
 
Apache Kafka Scalable Message Processing and more!
Apache Kafka Scalable Message Processing and more! Apache Kafka Scalable Message Processing and more!
Apache Kafka Scalable Message Processing and more! Guido Schmutz
 
CMA Summit 2012
CMA Summit 2012CMA Summit 2012
CMA Summit 2012Delvinia
 
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE) Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE) Guido Schmutz
 
FinQLOUD platform for digital banking
FinQLOUD platform for digital bankingFinQLOUD platform for digital banking
FinQLOUD platform for digital bankingMaxim Orlovsky
 
How to build an effective omni-channel CRM & Marketing Strategy & 360 custome...
How to build an effective omni-channel CRM & Marketing Strategy & 360 custome...How to build an effective omni-channel CRM & Marketing Strategy & 360 custome...
How to build an effective omni-channel CRM & Marketing Strategy & 360 custome...Comarch
 
Graph in Customer 360 - StampedeCon Big Data Conference 2017
Graph in Customer 360 - StampedeCon Big Data Conference 2017Graph in Customer 360 - StampedeCon Big Data Conference 2017
Graph in Customer 360 - StampedeCon Big Data Conference 2017StampedeCon
 
Connected Banking Framework
Connected Banking FrameworkConnected Banking Framework
Connected Banking FrameworkKashif Akram
 
The Connected Consumer – Real-time Customer 360
The Connected Consumer – Real-time Customer 360The Connected Consumer – Real-time Customer 360
The Connected Consumer – Real-time Customer 360Capgemini
 
ANTS - 360 view of your customer - bigdata innovation summit 2016
ANTS - 360 view of your customer - bigdata innovation summit 2016ANTS - 360 view of your customer - bigdata innovation summit 2016
ANTS - 360 view of your customer - bigdata innovation summit 2016Dinh Le Dat (Kevin D.)
 
360° View of Your Customers
360° View of Your Customers360° View of Your Customers
360° View of Your CustomersOSF Commerce
 
Using Big Data to Drive Customer 360
Using Big Data to Drive Customer 360Using Big Data to Drive Customer 360
Using Big Data to Drive Customer 360Cloudera, Inc.
 
Data Driven-Toyota Customer 360 Insights on Apache Spark and MLlib-(Brian Kur...
Data Driven-Toyota Customer 360 Insights on Apache Spark and MLlib-(Brian Kur...Data Driven-Toyota Customer 360 Insights on Apache Spark and MLlib-(Brian Kur...
Data Driven-Toyota Customer 360 Insights on Apache Spark and MLlib-(Brian Kur...Spark Summit
 

Viewers also liked (20)

Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
 
Extended 360 degree view of customer
Extended 360 degree view of customerExtended 360 degree view of customer
Extended 360 degree view of customer
 
Gartner Customer 360 Summit 2012
Gartner Customer 360 Summit 2012Gartner Customer 360 Summit 2012
Gartner Customer 360 Summit 2012
 
The role of Big Data and Modern Data Management in Driving a Customer 360 fro...
The role of Big Data and Modern Data Management in Driving a Customer 360 fro...The role of Big Data and Modern Data Management in Driving a Customer 360 fro...
The role of Big Data and Modern Data Management in Driving a Customer 360 fro...
 
Big_data for marketing and sales
Big_data for marketing and salesBig_data for marketing and sales
Big_data for marketing and sales
 
B2B CMO forum summary 2014 03 06
B2B CMO forum summary 2014 03 06B2B CMO forum summary 2014 03 06
B2B CMO forum summary 2014 03 06
 
A Customer-Centric Banking Platform Powered by MongoDB
A Customer-Centric Banking Platform Powered by MongoDB A Customer-Centric Banking Platform Powered by MongoDB
A Customer-Centric Banking Platform Powered by MongoDB
 
Solution Blueprint - Customer 360
Solution Blueprint - Customer 360Solution Blueprint - Customer 360
Solution Blueprint - Customer 360
 
Apache Kafka Scalable Message Processing and more!
Apache Kafka Scalable Message Processing and more! Apache Kafka Scalable Message Processing and more!
Apache Kafka Scalable Message Processing and more!
 
CMA Summit 2012
CMA Summit 2012CMA Summit 2012
CMA Summit 2012
 
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE) Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
Customer Event Hub – a modern Customer 360° view with DataStax Enterprise (DSE)
 
FinQLOUD platform for digital banking
FinQLOUD platform for digital bankingFinQLOUD platform for digital banking
FinQLOUD platform for digital banking
 
How to build an effective omni-channel CRM & Marketing Strategy & 360 custome...
How to build an effective omni-channel CRM & Marketing Strategy & 360 custome...How to build an effective omni-channel CRM & Marketing Strategy & 360 custome...
How to build an effective omni-channel CRM & Marketing Strategy & 360 custome...
 
Graph in Customer 360 - StampedeCon Big Data Conference 2017
Graph in Customer 360 - StampedeCon Big Data Conference 2017Graph in Customer 360 - StampedeCon Big Data Conference 2017
Graph in Customer 360 - StampedeCon Big Data Conference 2017
 
Connected Banking Framework
Connected Banking FrameworkConnected Banking Framework
Connected Banking Framework
 
The Connected Consumer – Real-time Customer 360
The Connected Consumer – Real-time Customer 360The Connected Consumer – Real-time Customer 360
The Connected Consumer – Real-time Customer 360
 
ANTS - 360 view of your customer - bigdata innovation summit 2016
ANTS - 360 view of your customer - bigdata innovation summit 2016ANTS - 360 view of your customer - bigdata innovation summit 2016
ANTS - 360 view of your customer - bigdata innovation summit 2016
 
360° View of Your Customers
360° View of Your Customers360° View of Your Customers
360° View of Your Customers
 
Using Big Data to Drive Customer 360
Using Big Data to Drive Customer 360Using Big Data to Drive Customer 360
Using Big Data to Drive Customer 360
 
Data Driven-Toyota Customer 360 Insights on Apache Spark and MLlib-(Brian Kur...
Data Driven-Toyota Customer 360 Insights on Apache Spark and MLlib-(Brian Kur...Data Driven-Toyota Customer 360 Insights on Apache Spark and MLlib-(Brian Kur...
Data Driven-Toyota Customer 360 Insights on Apache Spark and MLlib-(Brian Kur...
 

Similar to GDPR: The Catalyst for Customer 360

Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")Parsons Behle & Latimer
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupThe Pathway Group
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRCase IQ
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
 
Data Breaches and the EU GDPR
Data Breaches and the EU GDPRData Breaches and the EU GDPR
Data Breaches and the EU GDPRIT Governance Ltd
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
 
Dataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptxDataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptxMarco Gioanola
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 

Similar to GDPR: The Catalyst for Customer 360 (20)

Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway Group
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat... Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Data Breaches and the EU GDPR
Data Breaches and the EU GDPRData Breaches and the EU GDPR
Data Breaches and the EU GDPR
 
GDPR 101
GDPR 101 GDPR 101
GDPR 101
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
 
Dataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptxDataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptx
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018
 
GDPR Summary
GDPR SummaryGDPR Summary
GDPR Summary
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 

More from DataStax

Is Your Enterprise Ready to Shine This Holiday Season?
Is Your Enterprise Ready to Shine This Holiday Season?Is Your Enterprise Ready to Shine This Holiday Season?
Is Your Enterprise Ready to Shine This Holiday Season?DataStax
 
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...DataStax
 
Running DataStax Enterprise in VMware Cloud and Hybrid Environments
Running DataStax Enterprise in VMware Cloud and Hybrid EnvironmentsRunning DataStax Enterprise in VMware Cloud and Hybrid Environments
Running DataStax Enterprise in VMware Cloud and Hybrid EnvironmentsDataStax
 
Best Practices for Getting to Production with DataStax Enterprise Graph
Best Practices for Getting to Production with DataStax Enterprise GraphBest Practices for Getting to Production with DataStax Enterprise Graph
Best Practices for Getting to Production with DataStax Enterprise GraphDataStax
 
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step JourneyWebinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step JourneyDataStax
 
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...DataStax
 
Webinar | Better Together: Apache Cassandra and Apache Kafka
Webinar | Better Together: Apache Cassandra and Apache KafkaWebinar | Better Together: Apache Cassandra and Apache Kafka
Webinar | Better Together: Apache Cassandra and Apache KafkaDataStax
 
Top 10 Best Practices for Apache Cassandra and DataStax Enterprise
Top 10 Best Practices for Apache Cassandra and DataStax EnterpriseTop 10 Best Practices for Apache Cassandra and DataStax Enterprise
Top 10 Best Practices for Apache Cassandra and DataStax EnterpriseDataStax
 
Introduction to Apache Cassandra™ + What’s New in 4.0
Introduction to Apache Cassandra™ + What’s New in 4.0Introduction to Apache Cassandra™ + What’s New in 4.0
Introduction to Apache Cassandra™ + What’s New in 4.0DataStax
 
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...DataStax
 
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud RealitiesWebinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud RealitiesDataStax
 
Designing a Distributed Cloud Database for Dummies
Designing a Distributed Cloud Database for DummiesDesigning a Distributed Cloud Database for Dummies
Designing a Distributed Cloud Database for DummiesDataStax
 
How to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
How to Power Innovation with Geo-Distributed Data Management in Hybrid CloudHow to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
How to Power Innovation with Geo-Distributed Data Management in Hybrid CloudDataStax
 
How to Evaluate Cloud Databases for eCommerce
How to Evaluate Cloud Databases for eCommerceHow to Evaluate Cloud Databases for eCommerce
How to Evaluate Cloud Databases for eCommerceDataStax
 
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...DataStax
 
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...DataStax
 
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...DataStax
 
Datastax - The Architect's guide to customer experience (CX)
Datastax - The Architect's guide to customer experience (CX)Datastax - The Architect's guide to customer experience (CX)
Datastax - The Architect's guide to customer experience (CX)DataStax
 
An Operational Data Layer is Critical for Transformative Banking Applications
An Operational Data Layer is Critical for Transformative Banking ApplicationsAn Operational Data Layer is Critical for Transformative Banking Applications
An Operational Data Layer is Critical for Transformative Banking ApplicationsDataStax
 
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design ThinkingBecoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design ThinkingDataStax
 

More from DataStax (20)

Is Your Enterprise Ready to Shine This Holiday Season?
Is Your Enterprise Ready to Shine This Holiday Season?Is Your Enterprise Ready to Shine This Holiday Season?
Is Your Enterprise Ready to Shine This Holiday Season?
 
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
Designing Fault-Tolerant Applications with DataStax Enterprise and Apache Cas...
 
Running DataStax Enterprise in VMware Cloud and Hybrid Environments
Running DataStax Enterprise in VMware Cloud and Hybrid EnvironmentsRunning DataStax Enterprise in VMware Cloud and Hybrid Environments
Running DataStax Enterprise in VMware Cloud and Hybrid Environments
 
Best Practices for Getting to Production with DataStax Enterprise Graph
Best Practices for Getting to Production with DataStax Enterprise GraphBest Practices for Getting to Production with DataStax Enterprise Graph
Best Practices for Getting to Production with DataStax Enterprise Graph
 
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step JourneyWebinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
Webinar | Data Management for Hybrid and Multi-Cloud: A Four-Step Journey
 
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...
Webinar | How to Understand Apache Cassandra™ Performance Through Read/Writ...
 
Webinar | Better Together: Apache Cassandra and Apache Kafka
Webinar | Better Together: Apache Cassandra and Apache KafkaWebinar | Better Together: Apache Cassandra and Apache Kafka
Webinar | Better Together: Apache Cassandra and Apache Kafka
 
Top 10 Best Practices for Apache Cassandra and DataStax Enterprise
Top 10 Best Practices for Apache Cassandra and DataStax EnterpriseTop 10 Best Practices for Apache Cassandra and DataStax Enterprise
Top 10 Best Practices for Apache Cassandra and DataStax Enterprise
 
Introduction to Apache Cassandra™ + What’s New in 4.0
Introduction to Apache Cassandra™ + What’s New in 4.0Introduction to Apache Cassandra™ + What’s New in 4.0
Introduction to Apache Cassandra™ + What’s New in 4.0
 
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
Webinar: How Active Everywhere Database Architecture Accelerates Hybrid Cloud...
 
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud RealitiesWebinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
Webinar | Aligning GDPR Requirements with Today's Hybrid Cloud Realities
 
Designing a Distributed Cloud Database for Dummies
Designing a Distributed Cloud Database for DummiesDesigning a Distributed Cloud Database for Dummies
Designing a Distributed Cloud Database for Dummies
 
How to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
How to Power Innovation with Geo-Distributed Data Management in Hybrid CloudHow to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
How to Power Innovation with Geo-Distributed Data Management in Hybrid Cloud
 
How to Evaluate Cloud Databases for eCommerce
How to Evaluate Cloud Databases for eCommerceHow to Evaluate Cloud Databases for eCommerce
How to Evaluate Cloud Databases for eCommerce
 
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
Webinar: DataStax Enterprise 6: 10 Ways to Multiply the Power of Apache Cassa...
 
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
Webinar: DataStax and Microsoft Azure: Empowering the Right-Now Enterprise wi...
 
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
Webinar - Real-Time Customer Experience for the Right-Now Enterprise featurin...
 
Datastax - The Architect's guide to customer experience (CX)
Datastax - The Architect's guide to customer experience (CX)Datastax - The Architect's guide to customer experience (CX)
Datastax - The Architect's guide to customer experience (CX)
 
An Operational Data Layer is Critical for Transformative Banking Applications
An Operational Data Layer is Critical for Transformative Banking ApplicationsAn Operational Data Layer is Critical for Transformative Banking Applications
An Operational Data Layer is Critical for Transformative Banking Applications
 
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design ThinkingBecoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
Becoming a Customer-Centric Enterprise Via Real-Time Data and Design Thinking
 

Recently uploaded

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

GDPR: The Catalyst for Customer 360

  • 1. 5 July 2017 The GDPR: The catalyst for customer 360
  • 2. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Founder and Executive Chairman, IT Governance Ltd Alan Calder Tim Vincent EMEA Solution Engineer Team Lead DataStax Speakers
  • 3. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Introduction • Alan Calder • Founder, IT Governance Ltd • The single source for everything to do with IT governance, cyber risk management and IT compliance • IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (Open University textbook) • www.itgovernance.co.uk
  • 4. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 IT Governance Ltd: GRC One-stop shop All verticals, all sectors, all organisational sizes
  • 5. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 We will cover: • The GDPR’s impact on businesses • Accountability and governance of data, data storage limitations, breach notifications, data subject rights, and compliance requirements • Unravelling the labyrinthine web of data using DataStax Enterprise Graph to bring legacy systems together and comply with the GDPR, building a 360-degree view of a company’s data subjects • The right to be forgotten and how DataStax Enterprise Graph can help companies comply with the Regulation’s requirements
  • 6. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 The GDPR’s impact on businesses • Differentiating between controllers and processors – Critical that entities identify, in respect of their processing, whether they are a controller or a processor: – ‘Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. – ‘Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. – Processors may only process data in line with a contract from a controller. • Child’s consent: – A person under 16 years old may not consent to the processing of personal data in respect of an information age service. • Customer service: – Privacy notices will be more intrusive. – Additional services and options can’t assume consent. – Third party processors will have to be clearly identified. – Big data activities may be restricted.
  • 7. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Material and territorial scope • Natural persons have rights associated with: – The protection of personal data. – The protection of the processing of personal data. – The unrestricted movement of personal data within the EU. • In material scope: – Personal data that is processed wholly or partly by automated means. – Personal data that is part of a filing system, or intended to be. – The Regulation applies to controllers and processors in the EU, irrespective of where processing takes place. Natural person = a living individual The GDPR also applies to controllers not in the EU
  • 8. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Entry into force and application “This Regulation shall be binding in its entirety and directly applicable in all Member States.” KEY DATES • On 8 April 2016, the European Council adopted the Regulation. • On 14 April 2016, the European Parliament adopted the Regulation • On 4 May 2016, the official text of the Regulation was published in the EU Official Journal in all the official languages. • The Regulation entered into force on 24 May 2016, and will apply from 25 May 2018. • http://ec.europa.eu/justice/data-protection/reform/index_en.htm Final text of the Regulation: http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679
  • 9. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Remedies and liabilities – Data subjects shall have recourse to judicial remedy where: º In the courts of the Member State where the controller or processor has an establishment. º In the courts of the Member State where the data subject habitually resides. – Any person who has suffered material, or non-material, damage shall have the right to receive compensation from the controller or processor. – The controller involved in processing shall be liable for damage caused by processing. Natural persons have rights
  • 10. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Penalties – In each case, fines will be effective, proportionate and dissuasive – Fines administrated will take into account technical and organisational measures implemented. – €10,000,000 or, in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year. Administrative fines – €20,000,000 or, in case of an undertaking, up to 4% of the total worldwide annual turnover in the preceding financial year.
  • 11. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 The Rights of data subjects • “The controller shall take appropriate measures to provide any information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language (Article 11-1).” • The controller shall facilitate the exercise of data subject rights (Article 11-2). – Rights to: º Consent º Access º Rectification º Erasure º Restriction º Objection º Data portability; º Withdraw consent at any time; º Lodge a complaint with a supervisory authority; º Be informed of the existence of automated decision-making, including profiling, as well as the anticipated consequences for the data subject.
  • 12. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 The principle of accountability and what it means “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 ('accountability').” Article 5 – principles relating to the processing of personal data
  • 13. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Lawfulness (Art 5 – 6) • Personal data must be secured against accidental loss, destruction or damage • Processing must be lawful – which means, inter alia: – Data subject must give consent for specific purposes – There are specific circumstances where consent is not required º So that the controller can comply with legal obligations, etc. • One month to respond to subject access requests – and no charges • Controllers and processors clearly distinguished – Clearly identified obligations – Controllers responsible for ensuring processors comply with contractual terms for processing information – Processors must operate under a legally binding contract º And note issues around extra-territoriality
  • 14. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Consent (Art. 7-9) • Consent must be clear and affirmative – Must be able to demonstrate that consent was given – Silence or inactivity does not constitute consent – Written consent must be clear, intelligible and easily accessible, or it is not binding – Consent can be withdrawn any time, and it must be as easy to withdraw consent as to give it • Special conditions apply for a child (under 16) giving consent • Explicit consent must be given for processing sensitive personal data – Race, ethnic origin, political beliefs, etc. – Specific circumstances allow non-consensual processing, e.g. to protect vital interests of the data subject • Secure against accidental loss, destruction or damage (article 5) • Consent must be documented.
  • 15. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Transparency (Art. 12-17) • Any communications with a data subject must be concise, transparent and intelligible • The controller must be transparent in providing information about itself and the purposes of the processing • The controller must provide the data subject with information about their rights • There are specific provisions (Article 14) covering data not obtained directly from the data subject • Data subjects have rights to access, rectification, erasure (‘right to be forgotten’), to restriction of processing, and data portability
  • 16. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Privacy by design (Art. 25 et seq. ) • Privacy must now be designed into data processing by default • Data protection impact assessments are mandatory (Article 35) – For technologies and processes that are likely to result in a high risk to rights of data subjects • Documentary evidence is crucial • Data audits – The GDPR applies to existing data, as well as future data – Privacy may have to be designed retrospectively – Organisations need to identify what personal data they hold, where and on what grounds they hold it, and how it is secured in a way that will meet the requirements of the GDPR
  • 17. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Data breaches under the GDPR A 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Definition • Notify supervisory authority no later than 72 hours after discovery • Must describe the nature of the breach • No requirement to notify if no risk to rights and freedoms of natural persons • Failure to report within 72 hours requires explanation • Notify the data controller of a breach without delay • All data breaches have to be reported (no exemptions) • European Data Protection Board (EDPB) to issue clarification with regard to ‘undue delay Controller obligations Processor obligations
  • 18. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Data Breaches Obligation for data controller to communicate a personal data breach to data subjects • Communicate with data subjects without undue delay if the breach represents a high risk to data subjects' rights • Communication must be in clear, plain language • Supervisory authority may compel communication with data subject • Appropriate technical and organisational measures were taken • A high risk to the data subjects will not materialise • Communication with data subjects would involve disproportionate effort Exemptions
  • 19. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Security of Processing – Pseudonymisation and encryption of personal data – Measures to ensure the ongoing confidentiality, integrity and availability of systems – A process for regularly testing, assessing and evaluating the effectiveness of security measures It is a requirement for data controllers and data processors to implement a level of security appropriate to the risk. This includes Security measures taken need to comply with the concept of privacy by design.
  • 20. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Cyber-security assurance • A GDPR requirement – data controllers must implement “appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing is performed in accordance with this Regulation”. – Must include appropriate data protection policies – Local authorities may use adherence to approved codes of conduct or management system certifications “as an element by which to demonstrate compliance with their obligations” – ICO and BSI are both developing new GDPR-focused standards • ISO 27001 already meets the “appropriate technical and organisational measures” requirement • BS 10012 was developed specifically for the GDPR – It provides assurance to the board that data security is being managed in accordance with the Regulation – It helps manage all information assets and all information security within the organisation – protecting against all threats
  • 21. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Nine Steps to GDPR compliance in the Local Government STEP 1: Establish governance framework • board awareness • risk register • accountability framework • review STEP 2: Appoint and/or train a DPO/SDPO STEP 3: Data inventory • identify processors • identify unlawfully held data STEP 4: Conduct data flow audit
  • 22. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 STEP 5: Compliance gap analysis 1. Ensure Privacy Notice and SAR documents and processes are robust and legal 2. Records of processing STEP 6: PIA and security gap analysis STEP 7: Remediate 1. Privacy compliance framework 2. Cyber Essentials/Ten Steps to Cyber Security/ISO 27001 STEP 8: Data breach response process (NB: Test!) STEP 9: Monitor, audit and continually improve NB: steps can be tackled in parallel Nine Steps to GDPR compliance in the Local Government
  • 23. GDPR: The Catalyst for Customer 360 Tim Vincent EMEA Solution Engineering Manager timothy.vincent@datastax.com
  • 24. © DataStax, All Rights Reserved.24 Article 20 - How do you present a Data Subject with a view of the data you hold on them? Article 17 - Right to Erasure or Right to be Forgotten, how do you locate all data on a Subject? Do you have a Single View of your Customer?
  • 25. Data Exists in Silos © DataStax, All Rights Reserved.25 Mortgage Bank Account House Insurance Life Cover
  • 26. MDM is NOT the Answer 26 MDM • Provides a single source of customer record, a golden record • MDM is not a data integration tool https://tinyurl.com/forrester-mdm • A static customer profile view with structured, limited data However, to achieve GDPR data subject access and right to erasure in the digital era, you need a data platform beyond MDM that: • Integrates MDM and other data sources, including real time customer activity data • Delivers contextual customer view in real-time • Operationalizes customer data for instant insights and actions • Guarantees 100% uptime • Allows global data access Customer Master 3rd party data C360 Reporting Analytics Discovery
  • 27. Not Only a Single Customer View Now a Customer 360 View 27 Guaranteed global access Real-time customer information and responsiveness Always-on, undisrupted customer experience A contextual, connected, single view of the customer
  • 28. © DataStax, All Rights Reserved.28 Now you can so so much more Real-Time Personalization View and manage the data access controls for Data Subjects. Drive engagement by guaranteeing crucial feedback, a tailored experience, and instantly actionable insight.
  • 29. C360 Application Characteristics 29 Real-Time DistributedAlways-OnContextual Scalable
  • 30. DataStax Enterprise © DataStax, All Rights Reserved.30 Continuously Available Linearly Scalable Geographically Distributed Instantaneously Responsive Integrated Search & Analytics Database for Real time C360
  • 31. Always-On Data Management for C360 31 CX DATA FRAMEWORK CX Data Platform (DSE) ANALYTICS APIs DATA MODEL DATA QUALITY GOVERNANCE MATCH & RELATE SECURITY & ACCESS Testing MonitorDevelopmentArchitecture C360 Personalization Recommendation Compliance DATA INGEST INDEX & SEARCH Deployment
  • 32. DSE Graph Data Model Powers Customer 360 • Massively scalable, distributed graph database optimized for storing, traversing and querying complex graph data in real-time • Uses Gremlin graph traversal language • Analytics on graph data supported via Spark • Supports complex text search 32 DSE Graph provides a contextual view of your customers by revealing the complex relationships among your customer data across all touchpoints.
  • 33. Better Banking Experience with Great Customer Data 33 Mobile Web Mobile Banking Customer Service Internal Data(DB2) External Data Complaints Channel Customer Relationships Transactions Products Interactions Credit Reference Agencies Social MediaPitchbook CACI PSD2 GDPR MULTINATIONAL COMPANY IN FINANCIAL SERVICES CX DATA FRAMEWORK CX Data Platform (DSE) ANALYTICS APIS DATA MODEL DATA QUALITY GOVERNANCE MATCH & RELATE SECURITY & ACCESS Testing MonitorDevelopmentArchitecture C360 Personalization Recommendation Fraud DATA INGEST DATA SYNC Deployment
  • 34. We are the power behind the moment. © 2017 DataStax, All Rights Reserved. Company Confidential
  • 35. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Self help materials A Pocket guide www.itgovernance.co.uk/shop/P roduct/eu-gdpr-a-pocket-guide Implementation manual www.itgovernance.co.uk/shop/Pr oduct/eu-general-data-protection- regulation-gdpr-an- implementation-and-compliance- guide Documentation toolkit www.itgovernance.co.uk/shop/P roduct/eu-general-data- protection-regulation-gdpr- documentation-toolkit Compliance gap assessment tool www.itgovernance.co.uk/shop/Pr oduct/eu-gdpr-compliance-gap- assessment-tool
  • 36. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 Training One-Day accredited Foundation course (classroom, online, distance learning) www.itgovernance.co.uk/shop/Product/certified-eu-general-data- protection-regulation-foundation-gdpr-training-course Four-Day accredited Practitioner course (classroom, online, distance learning) www.itgovernance.co.uk/shop/Product/certified-eu-general-data- protection-regulation-practitioner-gdpr-training-course One-Day data protection impact assessment (DPIA) workshop (classroom) www.itgovernance.co.uk/shop/Product/data-protection-impact- assessment-dpia-workshop
  • 37. TM www.itgovernance.co.uk Copyright IT Governance Ltd 2017 – v1.0 GDPR compliance programme support • Gap analysis • Unless you have a team in place, external experienced support can be valuable and independent means of assessing the exact standing of your current legal situation, security practices and operating procedures in relation to the DPA or the GDPR. • Data flow audit • Data mapping involves plotting out all of your data flows, which involves drawing up an extensive inventory of the data to understand where the data flows from, within and to. This type of analysis is a key requirement of the GDPR. • Implementing a personal information management system (PIMS) • Establishing a PIMS as part of your overall business management system will ensure that data protection management is placed within a robust framework, which will be looked upon favourably by the regulator when it comes to DPA compliance. • Implementing an compliant ISMS with ISO 27001 • ISO27001 is an effective foundation in complying with GDPR. It can be daunting, external help can also help establish an ISO 27001 compliant Information Management Security System quickly and without the hassle, no matter where your authority is located. • Cyber health check • A cyber Health Check combined with remote vulnerability assessments can be useful in assessing your cyber risk exposure. www.itgovernance.co.uk/dpa-compliance-consultancy