Building a Strategy Customers and Auditors Love

How to be Successful in the Post GDPR Landscape – Building a Strategy Customers & Auditors Love

May 25th isn’t the end of a journey; it’s really just the beginning. GDPR is one piece of the compliance puzzle. One of the most important things to remember about GDPR is that it’s not a one-off compliance effort. It is a continuous process that will need to be continually evaluated and evolved over time. In order to be successful long term, a strategy must be built across all functions in the organization. Join us to learn how to build a strategy that will help you identify and link GDPR-related processes, rules, standards and metrics to your organization's compliance goals and objectives to meet the new regulatory landscape. In this session, Jonathan will highlight how to develop processes and controls to build a strategy that ensures that the information being utilized is compliant, accessible, and manageable. He will conclude with a brief demo of DATUM’s Information Value Management® and share best practices and actionable takeaways to help inspire you to build a strategy both your customers and auditors will love.

Published in: Data & Analytics

  1. DGIQ 2018, June 13, 2018. How to be Successful in the Post GDPR Landscape – Building a Strategy Customers & Auditors Love. Confidential and Proprietary. Copyright© 2018. DATUM LLC
  2. Agenda
     • Who we are
     • Compliance
       • Being Compliant AND being Audit Resilient
       • The Data Control Model; Control Elements
       • 4 Steps to a Governance Framework
     • Building the Governance Framework in Information Value Management
  3. We help the world’s leading organizations identify, organize and use data to solve problems and create opportunities.
  4. Compliance evolves with capabilities
     • Compliance is the goal, but over time what you want is Audit Resilience
     • Easy, Stress Free, Repeatable, Transparent, Extensible
     • Compliance is about defining the Data Control Model that reduces risk, and creates “Audit Resilience”
  5. Data Control Model
     • Control System Defined (https://www.aicpa.org/):
       • Control Environment: Sets the tone for the organization
       • Risk Assessment: Identification and analysis of relevant risks to the achievement of objectives
       • Information and Communication: Systems or processes that support the identification, capture, and exchange of information
       • Control Activities: Policies and procedures that help ensure management directives are carried out
       • Monitoring processes: Assess the quality of internal control performance over time
     • For DATUM a Data Control Model sits within the Control System, and is always:
       • The configuration of the Governance Framework to align impacted data with compliance requirements
       • An Operating Model that ensures accountability and minimizes risk
  6. Data Control Model
     • Control Elements:
       • Data is labelled with sufficient metadata to support risk analysis and alignment to larger Control System Elements
         • Data Catalog / Dictionary have been configured with appropriate metadata labelling to support risk processes
       • Control activities are completely defined
         • All data in scope is controlled via Rule(s) that are supported by Standards
         • All Composers have Owners, and Rules have execution Owners (Roles)
       • The controls are exposed and communicated
         • Reports are configured in Information Value Management
       • Monitoring process exists
         • Data Quality feature is activated and is monitoring Control Rules
     • Steps to setting up Control Model:
       1. Configure Governance Framework
       2. Configure Operating Model
       3. Identify Control Points
       4. Ensure that the Control Points have all control elements implemented
  7. Four Steps to a Governance Framework. Confidential and Proprietary. Copyright© 2017. DATUM LLC
     • What are Value Driver Goals?
     • What Objectives Support Goals?
     • How do I Recognize Success?
     • Start with Business Value!
  8. 1. Build out the Goals, Objectives & Metrics to align Value
     • Strategy / Action
  9. 2. Build the Catalog
     • 1 Identify Data: What are my sources?
     • 2 Catalog Data: Foundational to Managing Data
     • 3 Describe Data: Tag to align with value drivers
     • What is the data that matters?
     • If data is not cataloged, it is not governed!
  10. Value emerges…
     • Data Asset: Transaction File dd/mm/yy Purchase $ Purchase Date Purchase SKU Customer Metric Tags Purchase Activity PI Collected Channel = Web Product Category
     • All business processes where customers present must have 95% completion of Customer Metrics
     • Strategy / Data
     • Data’s role in supporting business strategies is established
     • Provides the basis for data’s value as an “Asset”
  11. 3. Define Processes
     • Where is the data; how is it used?
       • E-commerce sites
       • Marketing functions
       • Shipping fulfillment
       • CRM
     • Start with known Business Functions
     • Focus on Core Requirements
       • What data is where?
       • What are value drivers?
       • Who gets the value?
       • What are standards, controls & metrics
  12. Processes complete alignment of data, people & processes
     • Identifies business function & Owner
     • Ensures business alignment to “value”
     • Addresses order & efficiency objectives
     • Strategy / People
  13. 4. Add Standards & Rules to address control objectives
     • Standards provide enterprise wide guidance on the implementation of policy
     • Rules implement Standards at the data level
     • Strategy / Governance
  14. The “Managed” Data Ecosystem
     • Data Aligned: The data required to meet objectives
     • Strategy Driven
     • Business Focused: Measurable Objectives
     • Action Oriented: What people do
     • Managed: The observable, measurable “controls” and metrics; evidence of business impact
  15. Example: GDPR Obligation Management. GDPR Compliance Goals Remediation Management Objectives GDPR Obligation Management Processes GDPR Remediation Standard GDPR Risk Management Communication Standards Standards GDPR Task Management GDPR PI Owner Identification GDPR Remediation Log Detail GDPR Communication Template Rules Metrics GDPR Article 12 GDPR Article 18 GDPR Article 19 GDPR Article 16 POLICY
  16. Multiple Frameworks may exist
     • GDPR Case Study
     • For GDPR, a Framework exists for each of the Capability Areas specified in the Best Practices Model
     • Each Framework answers a key question required for Audit Resilience
  17. Benefits of a Governance Framework
     • Clear Line of Sight between Compliance & Controls
     • Business Aligned Accountability
     • Easy to Communicate
     • Easy to Defend
     • Audit Defensibility: The degree to which the organization is ready to address the demands of an auditor:
       • Observable
       • Measurable
       • Repeatable
       • Robust
       • Transparent
       • Defensible
  18. Information Value Management®
     • 01 | Discover where GDPR personal information data lives, who uses it and how it is used.
     • 02 | Connect that information to data governance processes.
     • 03 | Enable collaboration with all stakeholders across the organization.
