View this webcast on-demand for key insights on how data quality can help you achieve GDPR compliance with confidence.
In May 2018, the General Data Protection Regulation (GDPR) will take effect, mandating strict new personal data protections to be observed by all organizations operating within the European Union (including the UK), as well as organizations anywhere in the world that holds and processes data on EU/UK residents. Noncompliance can lead to severe financial penalties.
Organizations will also have to prove their GDPR compliance, including documenting what data processing was performed and ensuring it was done correctly. But how can you know that your customer and other personal data are being processed accurately and completely, as intended?
In this webcast, you’ll learn:
• Key requirements of GDPR and potential risks to their organizations
• The critical role of Data Quality in GDPR compliance
• How to address data-related GDPR challenges through a practical, structured approach
2. Welcome!
Michael Urbonas
Director of Product Marketing, Data Quality
Syncsort
15 years of software experience including…
– BI/DW & data visualization
– Data management & ETL
– Text analytics
– Enterprise search
– Enterprise content management
3. Today’s agenda: Information you need about GDPR
What GDPR is and what it changes
GDPR readiness: What companies must be
prepared for
Why Data Quality is critical for GDPR compliance
How Data Quality simultaneously benefits GDPR
compliance and business growth
How Data Quality works with Data Governance
for GDPR compliance
4. What the General Data Protection Regulation (GDPR) is
New customer rights and controls over their
personal data
New business responsibilities and restrictions
regarding customers’ personal data
Applies to all companies that hold and process
data on “data subjects” (all persons who reside
in EU; also UK)
Fines up to 4% of annual global turnover or €20
million for breaching GDPR
5. What the General Data Protection Regulation (GDPR) is
Had GDPR been in place for the past five years, FTSE 100 companies with significant
customer interactions that incurred a known data breach during that time could have
owed up to £25 billion in fines to EU regulators, or £5 billion annually.
Source: Oliver Wyman, Global Management Consultancy (May 2017)
6. GDPR Readiness:
Companies must prepare for new customer demands
Customers will assert their new rights:
What do you know about me?
– Right to access data; receive a copy of data
This data about me is wrong; fix it!
– Right to inaccurate data correction
Erase all my data for good!
– Right to be forgotten
Has my data been breached?
– Right to be informed within 72 hours
How do you use what you know about me?
– Right to…limit processing of personal data
– object to how it is processed
– not participate in automated
marketing based on customer profile
7. Customers will assert their new rights:
What do you know about me?
– Right to access data; receive a copy of data
This data about me is wrong; fix it!
– Right to inaccurate data correction
Erase all my data for good!
– Right to be forgotten
Has my data been breached?
– Right to be informed within 72 hours
How do you use what you know about me?
– Right to…limit processing of personal data
– object to how it is processed
– not participate in automated
marketing based on customer profile
GDPR Readiness:
Companies must prepare for new customer demands
To comply, companies must already know:
What DO we know about a given customer?
– Personal data and sensitive personal data
Where IS our customers’ personal data?
– Data will span many sources, in various conditions
– Often hidden; not identified by metadata; e.g., data
buried within long text fields, incorrect fields; etc.
8. GDPR Readiness:
Companies must prepare for new customer demands
Customers will assert their new rights:
What do you know about me?
– Right to access personal data
This data about me is wrong; fix it!
– Right to inaccurate data correction
Erase all my data for good!
– Right to be forgotten
Has my data been breached?
– Right to be informed within 72 hours
How do you use what you know about me?
– Right to…limit processing of personal data
– object to how it is processed
– not participate in automated
marketing based on customer profile
To comply, companies must already know:
What DO we know about a given customer?
– Personal data and sensitive personal data
Where IS our customers’ personal data?
– Data will span many sources, in various conditions
– Often hidden; not identified by metadata; e.g., data
buried within long text fields, incorrect fields; etc.
Is our customer contact information current?
– Also: Current contact preferences/data usage rights?
9. GDPR Readiness:
Companies must prepare for new customer demands
Customers will assert their new rights:
What do you know about me?
– Right to access personal data
This data about me is wrong; fix it!
– Right to inaccurate data correction
Erase all my data for good!
– Right to be forgotten
Has my data been breached?
– Right to be informed within 72 hours
How do you use what you know about me?
– Right to…limit processing of personal data
– object to how it is processed
– not participate in automated
marketing based on customer profile
To comply, companies must already know:
What DO we know about a given customer?
– Personal data and sensitive personal data
Where IS our customers’ personal data?
– Data will span many sources, in various conditions
– Often hidden; not identified by metadata; e.g., data
buried within long text fields, incorrect fields; etc.
Is our customer contact information current?
– Also: Current contact preferences/data usage rights?
How ARE we processing customer data?
– Who is using it? For what purpose(s)?
– Where did it come from? Where does it go?
– Are we processing personal data as intended –
lawfully, securely, completely…?
10. GDPR Readiness:
Companies must prepare for new customer demands
Regulators will have new expectations:
Document proof your company’s personal data
processing adheres to GDPR principles (art. 5):
– Processed lawfully, transparently
– Collected for specific purposes
– Limited to data relevant for specific purposes
– Kept accurate and current
– Processed securely and protected
Provide documentation details as noted in
multiple GDPR articles, including:
– Record Processing Activities (art. 30)
– Security of Processing (art. 32)
– Data Protection Impact Assessment (art. 35)
11. GDPR Readiness:
Companies must prepare for new regulatory demands
Regulators will have new expectations:
Document proof your company’s personal data
processing adheres to GDPR principles (art. 5):
– Processed lawfully, transparently
– Collected for specific purposes
– Limited to data relevant for specific purposes
– Kept accurate and current
– Processed securely and protected
Provide documentation details as noted in
multiple GDPR articles, including:
– Record Processing Activities (art. 30)
– Security of Processing (art. 32)
– Data Protection Impact Assessment (art. 35)
To comply, companies must apply their
answers to previously-noted questions…
What DO we know about a given customer?
Where IS our customer data?
Is our customer contact information current?
How ARE we processing customer data?
… in the form of new business processes
providing evidence of GDPR compliance.
12. Why Data Quality is critical for GDPR compliance
Acquiring this knowledge
requires new discovery
processes.
Customers will assert their new rights.
To comply, companies must already know:
What DO we know about a given customer?
– Personal data and sensitive personal data
Where IS our customers’ personal data?
– Data will likely span many sources/silos
– Often hidden; not identified by metadata; e.g., data
buried within long text fields, incorrect fields; etc.
Is our customer contact information current?
– Also: Current contact preferences/data usage rights?
How ARE we processing customer data?
– Who is using it? For what purpose(s)?
– Where did it come from? Where does it go?
– Are we processing personal data as intended –
lawfully, securely, completely…?
13. Why Data Quality is critical for GDPR compliance
Regulators will have new expectations.
To comply, companies must apply their
answers to previously-noted questions…
What DO we know about a given customer?
Where IS our customer data?
Is our customer contact information current?
How ARE we processing customer data?
… in the form of new business processes
providing evidence of GDPR compliance.
Applying knowledge gained
from new discovery processes
requires new operational
processes.
14. Why Data Quality is critical for GDPR compliance
Lack of Standardization risks
exposure of Personal Data
Reference/Pointer
to other personal
data usage
Personal Data Fields
15. How Data Quality for GDPR compliance will also grow your business
15Syncsort Confidential and Proprietary - do not copy or distribute
High quality data means that you have the right information at the right time and
place for the right people to run your organization. Only an organization that has high
quality data will have the ability to comply with the GDPR.
Danette McGilvray,
Data quality expert and author
16. The Data Quality Process
Data Profiling
Data Discovery
Business Rules &
Data Quality
Assessment
17. The Data Quality Process
Data Profiling
Data Quality ProcessingData Discovery
Business Rules &
Data Quality
Assessment
Data Validation,
Standardization
& Linking
Data
Verification &
Enrichment
18. The Data Quality Process
Data Profiling
Data Quality ProcessingData Discovery
Business Rules &
Data Quality
Assessment
Data Validation,
Standardization
& Linking
Data
Verification &
Enrichment
and more…
Operational Integrations
Data
Governance
Analytics &
Reporting
19. Data Discovery
Key built-in functionality:
Automated out of the box data profiling capability:
– Discover data structure; generate data statistics
– Analyze data content; identify personal data and
data relationships
– Identify data dependencies, keys and joins
REST API for easy integration with other data tools
20. Data Discovery
Key built-in functionality:
Automated out of the box data profiling capability:
– Discover data structure; generate data statistics
– Analyze data content; identify personal data and
data relationships
– Identify data dependencies, keys and joins
REST API for easy integration with other data tools
Key self-serve functionality for business users:
Create and validate business rules
Quantify and prioritize data quality issues
Report on data quality metrics for accuracy,
consistency and completeness
Monitor quality thresholds and trends over time
21. Data Quality Processing
Rich functionality to cleanse data while
improving contextual understanding:
Parse data values from unstructured fields into
useful, usable new attributes
Verify and enrich global postal addresses
Standardize values for matching and linking
Enrich data with external, third-party sources
to create comprehensive, unified records
Link records spanning multiple sources of
personal data related to same customer
22. Bring Data Quality Processing into the Data Lake
“Design once, deploy anywhere”
– Visually design data quality jobs once and run anywhere
(MapReduce, Spark, Linux, Unix, Windows; on premise or
in the cloud)
– Use-case templates to fast-track development
– Test & debug locally in Windows/Linux; deploy to Big Data
– Intelligent Execution dynamically optimizes data
processing at run-time based on the chosen compute
framework; no changes or tuning required
Single GUI
Execute Anywhere
23. Data Quality in Action for GDPR: Example
Data Profiling
process reveals
text fields with
unexpected
personal data
Data Discovery
24. Data Quality in Action for GDPR: Example
Data Profiling
process reveals
text fields with
unexpected
personal data
Data Discovery
Business rules identify
original source of
unexpected personal
data
25. Data Quality in Action for GDPR: Example
Data Profiling
process reveals
text fields with
unexpected
personal data
Data Quality ProcessingData Discovery
Business rules identify
original source of
unexpected personal
data
New data
standardization routines
are added, ensuring
personal data is
removed
26. Data Quality in Action for GDPR: Example
Data Profiling
process reveals
text fields with
unexpected
personal data
Data Quality ProcessingData Discovery
Business rules identify
original source of
unexpected personal
data
New data
standardization routines
are added, ensuring
personal data is
removed
Data validation
routines measure
and monitor for
recurrences
27. Data Quality in Action for GDPR: Example
Data Profiling
process reveals
text fields with
unexpected
personal data
Data Quality ProcessingData Discovery
Business rules identify
original source of
unexpected personal
data
New data
standardization routines
are added, ensuring
personal data is
removed
Data validation
routines measure
and monitor for
recurrences
Analytics and
reporting,
including GDPR
policy reports
and dashboards
Integrations
Discovery API
integration
with Data
Governance
app triggers
issue mgmt
and controls
28. How Data Quality for GDPR compliance will also grow your business
28Syncsort Confidential and Proprietary - do not copy or distribute
I want organisations to think to themselves:
‘We base our online user experience around what consumers want.
We shape our products and services around what consumers want.
We need to shape our data protection approach around what consumers expect’.
Elizabeth Denham, UK Information Commissioner,
speaking on GDPR and accountability (Jan. 2017)
29. How Data Quality for GDPR compliance will also grow your business
360 Degree View of the Customer
Essential for successful customer engagement
and marketing campaigns that boost revenue
and reduce customer churn
Also critical for GDPR compliance
Both are enabled by enterprise data quality
technology
31. The Data Quality Process
Data Profiling
Data Quality ProcessingData Discovery
Business Rules &
Data Quality
Assessment
Data Validation,
Standardization
& Linking
Data
Verification &
Enrichment
Operational Integrations
Data
Governance
Analytics &
Reporting
32. The Data Quality Process
Data Profiling
Data Quality ProcessingData Discovery
Business Rules &
Data Quality
Assessment
Data Validation,
Standardization
& Linking
Data
Verification &
Enrichment
Customer
360
Operational Integrations
Data
Governance
Analytics &
Reporting
33. Data Quality and Data Governance for GDPR compliance
Data Governance is critical to
ensuring we are processing customer
data consistently and in full
regulatory compliance.
How ARE we processing customer data?
– Who is using it? For what purpose(s)?
– Where did it come from? Where does it go?
– Are we processing personal data as intended –
lawfully, securely, completely…?
35. Data Quality and Data Governance for GDPR compliance
Highly complimentary tools
Data Governance enables consistency and
compliance as to how data is collected, stored,
accessed, used and processed
Data Quality is a key enabler of data
governance, including:
– Discovering sources of, and relationships
between, personal data based on actual
content
– Enriches data governance system with deeper
content and insight
– Applying business rules to assess data quality
throughout data transformation processes
• Helps verify how personal data is
processed, without unintended results
36. Data Quality and Data Governance for GDPR compliance
Highly complimentary tools
Data Governance enables consistency and
compliance as to how data is collected, stored,
accessed, used and processed
Data Quality is a key enabler of data
governance, including:
– Discovering sources of, and relationships
between, personal data based on actual
content
– Enriches data governance system with deeper
content and insight
– Applying business rules to assess data quality
throughout data transformation processes
• Helps verify how personal data is
processed, without unintended results
Essential DQ/DG content for GDPR:
Data relationship maps
Data lineage graphs
42. Data Quality and Data Governance for GDPR compliance
Gain insight into where data quality might be compromised by data transformations and why.
Understand any changes that may impact critical data elements and data quality.
43. 43Syncsort Confidential and Proprietary - do not copy or distribute
GDPR also provides an opportunity to put together a more
comprehensive data quality and data governance capability that
provides more than compliance with confidence.
It also enables confidence in your data and putting it to effective use
to achieve increased revenues, customer loyalty and competitiveness.