Session 2.6 semantic data governance for regulatory compliance


Talk at SEMANTiCS 2017
www.semantics.cc


  1. Slide 1 (© Copyright 2017 TopQuadrant Inc.): Semantic Data Governance for Regulatory Compliance. Ralph Hodgson, CTO and co-founder of TopQuadrant Inc. September 12, 2017, SEMANTiCS 2017, Theater de Meervaart, Meer en Vaart 300, 1068 LE Amsterdam, Netherlands. v2
  2. Slide 2: Agenda (20 minutes): Introductions; RECO – Regulatory Compliance Ontology; GDPR – and a GDPR Ontology; TopBraid EDG Asset Governance and Lineage Ontologies – how TopBraid EDG addresses the hard problems in GDPR; Demo; Concluding Remarks; Q&A.
  3. Slide 3: TopQuadrant company. Foundation: TopQuadrant was founded in 2001, with a strong commitment to standards-based approaches to data semantics. Mission: empower people and drive results by making enterprise information meaningful. Focus: provide comprehensive data governance solutions.
  4. Slide 4: (image only)
  5. Slide 5: What problems are we addressing? TopBraid EDG’s Knowledge Engine answers compliance questions spanning Regulatory Compliance, Enterprise Governance and GDPR Compliance: Who are my data partners? What data do I share with them? What countries are they in? Do I have data regulation assets in my system for those countries? What 3rd country jurisdictions have regulatory authority for what data and/or what data processing?
  6. Slide 6: The TopBraid EDG Knowledge Base helps understand how enterprise contexts (data assets; software and systems; processing locations; third party processors) relate to compliance responsibilities, obligations and actions needed.
  7. Slide 7: TopBraid EDG is based on W3C* semantic standards. RDF – statements: saying things. RDFS – vocabulary: shared terms we can use. OWL – classification: what is this thing? SPARQL – query: what did you say? OWL and SHACL – rules: is that term used correctly? What do you need to know? You can't say that here! (*W3C = World Wide Web Consortium, led by Tim Berners-Lee.)
  8. Slide 8: RECO – Regulatory Compliance Ontology: an ontology for obligations, permissions, prohibitions, violations and waivers. Illustrative class hierarchy: reco:Norm > reco:Prescription > reco:Obligation > reco:DataObligation > reco:DataDisclosureObligation.
  9. Slide 9: Semantic Models for Compliance: processing EUR-Lex 32014R0600 into TopBraid, from text, to triples, to the RECO ontology of obligations, permissions and prohibitions. Ref: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0600&from=NL
  10. Slide 10: General Data Protection Regulation (GDPR) as an example and demo. Mandate: protect Personally Identifiable Information (PII). 7 guiding principles and 83 pages of regulations govern the protection of personal data. Generally applies to all personal data of EU residents or handled by EU companies. Protection ”by design” requires systems for compliance, verification, audit, and notification. Full compliance required by May 25, 2018.
  11. Slide 11: GDPR is complex. GDPR is not just about data-at-rest. It’s about: what processing is involved (transformations and software systems); jurisdictions concerning where data, software and processing are hosted; how data flows through systems, jurisdictions and partner relationships; and how the requirements that need to be met change situationally.
  12. Slide 12: GDPR – what do we need to talk about? The slide pairs regulated data actions (Adaptation, Alignment, Storage, Archiving, Backup, Alteration, Collection, Combination, Hosting, Disclosure by Transmission, Processing, Recording, Data Erasure) with regulatory obligations (Transport Outside EU, Consent Request, Consent Review, Consent Withdrawal, Consent Preservation, Consent in Plain Language, 72 Hour Notification).
  13. Slide 13: First we need a graph representation of GDPR: things and relationships. A publication ontology helps, and the semantics: provide a common language of meaning; reveal dependencies; bridge domains of discourse for insight; define “lines of sight” for decision support; place GDPR into a structured framework.
  14. Slide 14: Using TopBraid EDG we express GDPR using a Regulatory Compliance Ontology (RECO): a regulatory compliance graph of the regulation, regulatory things and their relationships.
  15. Slide 15: Now we can relate PII to concepts in GDPR: GDPR regulated data activities (Collection, Storage, Hosting, Transformation), GDPR regulated roles (Data Controller, Data Subject, Data Protection Officer (DPO)) and the GDPR regulation itself; open questions on the slide: Country Data Regulations? Pacific Data Regulations?
  16. Slide 16: Next we need ontologies of Data, Technical and Enterprise Assets, and Governance: data, technical and enterprise knowledge graphs of governance things and relationships, including Personally Identifiable Information (PII).
  17. Slide 17: We can then make the connections across these domains for compliance analysis: discovering the path between personal data and specific GDPR obligations.
  18. Slide 18: GDPR needs support for “Situated Processes”: a GDPR compliance graph of a process “in context”, with GDPR things and relationships.
  19. Slide 19: GDPR Regulation in TopBraid EDG (screenshot).
  20. Slide 20: The power of TopBraid EDG is in bringing General Regulatory Compliance + Enterprise Governance + GDPR Compliance together into a connected knowledge base that can be queried for insights, reports and decision support.
  21. Slide 21: GDPR demo example: “Transmission Outside EU”. Four linked elements: the Regulatory Obligation, the Data Elements (PII), the Process-In-Context (SituatedProcess) and the GDPR Paragraph.
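The path discovery on slides 17 and 21, as an added example that is not part of the talk or of TopBraid EDG: a small pure-Python triple store traces a PII data element through the processes that consume it and reports the "Transmission Outside EU" obligation for every process hosted outside the EU. The predicates ex:inputOf, ex:outputTo and ex:hostedIn, the EU country set and all sample triples are constructed assumptions; only the reco:Obligation class name comes from the deck.

```python
# Added example, not TopQuadrant code. Constructed knowledge graph as
# (subject, predicate, object) triples; predicate names are assumptions.
from collections import deque

EU_COUNTRIES = {"NL", "DE", "FR", "IE"}  # constructed, deliberately not exhaustive

TRIPLES = [
    ("ex:CustomerEmail", "rdf:type", "ex:PII"),
    ("ex:CustomerEmail", "ex:inputOf", "ex:MarketingSync"),
    ("ex:MarketingSync", "ex:hostedIn", "US"),
    ("ex:MarketingSync", "ex:outputTo", "ex:AdPartnerFeed"),
    ("ex:AdPartnerFeed", "ex:hostedIn", "US"),
    ("ex:OrderId", "ex:inputOf", "ex:Billing"),
    ("ex:Billing", "ex:hostedIn", "NL"),
    ("gdpr:TransmissionOutsideEU", "rdf:type", "reco:Obligation"),
]

def match(triples, s=None, p=None, o=None):
    """Return the triples matching a basic graph pattern; None is a wildcard."""
    return [(ts, tp, to) for ts, tp, to in triples
            if (s is None or ts == s) and (p is None or tp == p)
            and (o is None or to == o)]

def downstream_processes(triples, data_element):
    """Breadth-first walk over inputOf/outputTo edges; yields (process, path)."""
    seen = {data_element}
    found = []
    queue = deque([(data_element, [data_element])])
    while queue:
        node, path = queue.popleft()
        for _, pred, nxt in match(triples, s=node):
            if pred in ("ex:inputOf", "ex:outputTo") and nxt not in seen:
                seen.add(nxt)
                found.append((nxt, path + [nxt]))
                queue.append((nxt, path + [nxt]))
    return found

def obligations_for(triples, data_element):
    """List each non-EU process handling this PII element with the obligation
    it triggers and the lineage path that connects them."""
    if not match(triples, s=data_element, p="rdf:type", o="ex:PII"):
        return []  # not personal data: no transfer obligation applies
    hits = []
    for proc, path in downstream_processes(triples, data_element):
        for _, _, country in match(triples, s=proc, p="ex:hostedIn"):
            if country not in EU_COUNTRIES:
                hits.append({"process": proc, "country": country,
                             "obligation": "gdpr:TransmissionOutsideEU",
                             "path": path})
    return hits
```

Running obligations_for(TRIPLES, "ex:CustomerEmail") reports both the US-hosted pipeline and the partner feed it outputs to, each with the full path back to the data element; the non-PII order id yields nothing.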
  22. Slide 22: TopBraid EDG lineage for compliance reporting: data resources, information products, inputs, data elements, pipelines, software, outputs.
  23. Slide 23: DEMO: TopBraid EDG Semantic Data Governance for GDPR Compliance.
  24. Slide 24: The TopBraid EDG Knowledge Engine helps automate GDPR compliance: assessments, documentation, discovery of obligations, compliance gaps … Machine-processable standards for: policies, methods, procedures and workflows for performance of required actions/tasks; informational resources (language, documents, forms, templates) used in workflows; supporting systems for compliance validation & verification, change tracking, audit, etc.
  25. Slide 25: … Questions?
  26. Slide 26: To learn more, contact us at info@topquadrant.com to: discuss our GDPR compliance solutions; request a more targeted demo of TopBraid EDG; ask for a free EDG evaluation account. EDG product info: http://www.topquadrant.com/products/topbraid-edg/ and http://www.topquadrant.com/products/topbraid-edg-gov-packs/ . Other EDG demos/webinar recordings: http://www.topquadrant.com/knowledgeassets/videos/#edgoverviewdemo (Webinar: Data Governance for the Connected Enterprise: TopBraid EDG in Action) and http://www.topquadrant.com/knowledge-assets/topquadrant-webinars/#TQ-EDG-metadata-mgt-webinar (Webinar: Metadata Management is Key to Data Governance Initiatives). Thank You!
  27. Slide 27: Reference Slides.
  28. Slide 28: TopBraid EDG: Summary and Benefits for GDPR. Core flexibility and extensibility: add user-defined models, assets and properties as needed (model-driven). Models: pre-built and user-defined, supporting multiple types of governance assets. Connections can be made between any types of assets. Flexible connections enable people (UI) and software (APIs/web services) to view, follow and query the connections to answer core questions, e.g. “Where did this come from?”, and complete rather than siloed data governance, i.e. “reference-ability”.
  29. Slide 29: Key Concepts: Assets. An asset is a technical, business, or operational resource governed by an organization using TopBraid EDG. An asset type is a class in an ontology (either ontologies shipped with TopBraid EDG or customized/created by the users) that formally describes the attributes and relationships of an asset; an asset could have multiple types. TopBraid EDG includes over 100 asset types such as Glossary Term, Requirement, ETL Script and many others. Shown on the slide: Software, Executable, Data Pipeline, Policy, Team, Database, Capability, Server, Organization, Database Table, Dataset, Report, Datatype, Business Area, Glossary Term, Obligation.
  30. Slide 30: RECO Engine Approach. (1) Use ontologies to express a “finance/macroeconomics knowledge base”: RECO for the regulatory compliance ontology; QUDT for quantity kinds; extend with “deep” terminology. (2) Transform regulatory documents to a machine-processable model: screen scraping HTML to an RDF document model; “lifting” the RDF document model to a RECO representation of “Obligations”, “Prohibitions” and “Permissions”; use of machine-learning techniques for auto-classification; manual steps. (3) Integrate with an Enterprise Data Governance platform (TopBraid EDG) for specifying lineage models: semantic relations from reporting and data policy stipulations to asset types; translation (mapping) of knowledge representations to physical data specifications and transforms.
  31. Slide 31: From CELEX HTML pages to CELEX RECO models: transform to Semantic XHTML (XHTML ontology, SPIN transforms), transform to ePUB (ePUB ontology, SPIN transforms), transform to RECO (RECO ontology). Source document: REGULATION (EU) No 600/2014, http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1460832668231&uri=CELEX:32014R0600
  32. Slide 32: From document references to semantic links: CELEX 600 (REGULATION (EU) No 600/2014) → Directive → Article, each link typed as a normative reference.
  33. Slide 33: How a RECO model of regulatory compliance helps lineage models: the compliance report gains traceability to the compliance regulation; the RECO model of CELEX 600/2014 (REGULATION (EU) No 600/2014), Article 10 Para 1, informs the lineage model.
  34. Slide 34: RECO – illustrative classes and properties: ~83 classes, ~62 properties. reco:Norm > reco:Prescription > reco:Obligation > reco:DataObligation > reco:DataDisclosureObligation.
  35. Slide 35: RECO – Regulation classes in TopBraid Composer: example classes from the Regulatory Compliance Ontology (RECO). (Slide footer: Confidential TopQuadrant, Inc. 2015.)
  36. Slide 36: EUR-Lex 32014R0600 in TopBraid EVN: Article 13, Paragraph 1 of Article 13, rendered in TopBraid EVN using SWP/SWA.
  37. Slide 37: RECO: Obligations as Prescriptions.
  38. Slide 38: GDPR Facts – 7 Guiding Principles (Standard of Care): Lawful, Fair and Transparent Processing (Article 5.1a); Specified, Fair and Legitimate Purposes (Article 5.1b); Data Minimization – Adequate, Relevant, Limited to Necessary (Article 5.1c); Accurate and current (Article 5.1d); Minimize duration of storage (Article 5.1e); Secure Processing (Article 5.1f); Accountability (Article 5.2).
  39. Slide 39: GDPR Facts – Violations have significant consequences: 20MM Euro or 4% of global turnover; prohibited from processing of critical data; reputation exposure and/or damage; interruption of critical data supply chain; business model at risk.
  40. Slide 40: Ends.
