Europe’s General Data Protection Regulations (GDPR) will go into effect in less than a year (on 25 May 2018). Achieving data compliance is far from simple and businesses must continuously review how they gather, process and protect personal data. From how data is stored and used to how you secure and even erase information from corporate systems, discover how graph technology can address key challenges relating to Data Quality, Governance and Metadata Management.
2. Agenda
— Neo4j
— GDPR & its implications for data management
— How can a Graph Database help with GDPR compliance?
— Trust-Hub
— A ‘privacy-by-design’ platform supporting the flow of personal data across organisational ecosystems, based on Neo4j
— Next Steps
Anthony Flynn
Sales Director UK & Ireland, Neo4j
Dr Jesús Barrasa
Sr Graph Solutions Consulting, Neo4j
Will Parton
Chief Technical Architect, Trust-Hub
3. Neo4j – Exploit the Business Value in Data Relationships
Data is increasing in volume…
• New digital processes
• More online transactions
• New social networks
• More devices
… and is getting more connected
Customers, products, processes, devices interact and relate to each other
Using Data Relationships unlocks value and new business capability
• Real-time recommendations
• Fraud detection
• Master data management
• Network and IT operations
• Identity and access management
• Graph-based search
4. Unlocking Value from Your Data Relationships
• Model your data as a graph of data and relationships
• Use relationship information in real-time to transform your business
• Add new relationships on the fly to adapt to your changing business
6. General Data Protection Regulation: Regulation (EU) 2016/679
• In effect from May 25 2018
• Introduces new rights for individuals:
  • The ‘right to be forgotten’
  • The right to control how and where personal data is used
  • The right to know when privacy is breached
  • The right to correct errors in personal data
• Introduces new responsibilities for organisations collecting personal data:
  • Ability to enforce the individual’s rights above
  • Requirement to ensure that personal assent is properly obtained and granted
  • Adequate security and privacy of data
  • Notification of the authorities when privacy is breached
  • Requirement to enforce compliance on third parties
7. GDPR will impact every business
— Fines for breach of the regulations amount to 4% of global turnover (revenue) or €20M for each instance of breach
— Organisations will have 72 hours to notify authorities and customers of serious breaches of data security
— Larger organisations will be required to appoint a Data Protection Officer (DPO)
— Active discussion of adding personal liability for the officers of the company
— Among the proposals for the U.K.’s new Digital Economy Bill (the Bill), due to become law next spring, was one under which company directors would become personally liable for payment of fines as a result of nuisance calls being made by their companies
— Businesses utilizing personal data for business purposes cannot assign responsibility to their cloud or security service providers that are processing or storing personal data on their behalf
8. Implications of GDPR for Data Governance
• Organisations must be able to find every reference to an individual regardless of where and how it is stored, and completely remove all such instances if requested to
• Personal information relating to customers and other stakeholders must be consistent across all systems
• Therefore compliance will depend on effective:
  • Identification of related data across diverse data sources
  • Data lineage capability to understand the flow of data within organisational IT and to know where to find it
  • Effective Customer 360º View to manage all related information
9. Protect Your Enterprise
Questions to ask concerning data management practices, policies, processes (systems) and awareness
What data do you have?
• Data Asset Inventory
Why do you have this data?
• Trace data to its usage, cleanse the data
Where is this data?
• Which system(s), physical location of data, data movement
How did you get this data?
• Traceability and irrefutable proof of data source
When did you get this data?
• Timestamped data acquisition, access, transfer
Who has access to this data?
• People (training), processes & systems
Is the data secure?
• Robust data management lifecycle and security practices
Do you maintain a map of this data?
• Is all of this meta-data available in a connected fashion
10. Practical Steps towards GDPR compliance
— Implement a data governance platform
— Data definition via business glossary mapped to implementation detail
— Tracking create / update / access / deletes of data
— Tying relevant processes that operate on regulated data
— Building reverse lineage capability to map the data flow
— Update data lifecycle management process and policies
— Implement a visual dashboard of KPIs for DPOs
— Provide a portal and programmatic interface for individuals
— access/update their data, provide/revoke consent, transfer data & view rights
— Create a regulatory governance steering group led by a DPO
11. Data Governance and Graphs
• Neo4j seeing rapid adoption to help with data governance in finance, government, retail, healthcare and communications
• Neo4j has an innate ability to store and query relationships as well as simply the data itself
• Dramatically easier to model complex personal data and its access controls
• Highly tolerant of data diversity and evolving data schema
• Graph databases can look for and react to patterns in the data as they occur
• Manage data flow and respond to problems and threats in real-time
Master Data: Customers, Suppliers, Products, Employees
12. Leverage the power of Graphs
Neo4j and GDPR
25 July 2017
GraphTalks
Dr. Jesús Barrasa - Senior Graph Solutions Consultant - @BarrasaDV
13. AGENDA
• What is a Graph Database?
• Key Use Cases
• Graphs for GDPR
• Demo
• Takeaways
17. A way of representing data
Relational Database
Good for:
• Well-understood data structures that don’t change too frequently
• Known problems involving discrete parts of the data, or minimal connectivity
Graph Database
Good for:
• Dynamic systems: where the data topology is difficult to predict
• Dynamic requirements: that evolve with the business
• Problems where the relationships in data contribute meaning & value
46.
• Flexibility and expressivity of graph model enables agile approach
• DB enables structured querying and machine readable export to comply with “right to data portability”
• Added benefits: Risk assessment, customer 360 and governance + metadata management.
57. Next Steps
— GDPR Guidance on the EC website @ http://www.eugdpr.org/
— Register for a GDPR brown-bag graph talk with your team: https://neo4j.com/brownbag/
— Spend 1 hr. to discuss your GDPR initiative with us and validate your solution / approach. Email us at uk@neotechnology.com
— trust-hub Privacy Lens: hello@trusthub.com
Thanks! anthony.flynn@neo4j.com, www.neo4j.com