As the deadline for GDPR approaches, it is time to get practical about protecting personal data.
We break down the steps for turning a data lake into a data hub with appropriate data management and governance activities: from capturing and reconciling personal data to providing for consent management, data anonymyzation, and the rights of the data subject.
A smart approach to GDPR compliance lays a foundation for personalized and profitable customer and employee relations.
Join us, as experts from MAPR and Talend show you how to:
Diagnose the maturity of your GDPR compliance
Set up milestones and priorities to reach compliance
Create a foundation to manage personal data through a data lake
Master compliance operations - from data inventory to data transfers to individual rights management
3. 3
GDPR and Data Governance: why, and why now?
Drawing the Roadmap for GDPR
Setting up the GDPR foundations with a Data Hub
Establishing the 5 pillars for GDPR compliance with MAPR and Talend
What’s next on your GDPR journey?
Agenda
4. 4
• Jean-Michel Franco, X2 years old, passionate about running
• Sr Director for Data Governance Products at Talend
• 2X experience in data management
• Engaged citizen in a data driven world (@jmichel_franco)
Let’s talk about personal data
What I want to share
Want to know More ? • Ask Google for my Physical/Digital journeys
• Ask Garmin for my physical & Experian for my financial health
• Ask Amazon for my buying & Waze for my driving behavior
• Ask Facebook for my personal & LinkedIn for my professional details
But don’t ask my doctor, he has taken the Hippocratic Oath
5. 5
Beyond GDPR: it’s all about Trust and Transparency
BREAKING NEWS
Data Leaks
Equifax breach exposed data for 143
million consumers
Last year’s privacy fines would be 79
times higher under GDPR
Dieselgate forces German carmakers
to rethink their future
, Privacy Violations and Data Flaws
Data Governance is no more an option
6. 6
Potential cost of for
non compliance
GDPR starts in 220 days: Will you be ready?
4%
of global
revenue
Budget devoted
to data protection
0.004%
of global
revenue
50%
won’t meet
deadline
The pressure
is on IT
Source: European Commission, TeachPrivacy, Gartner
7. 7
GDPR(GeneralDataProtectionRegulation)inanutshell
• Protects privacy for individuals
• Goes into effect in 2018 (May, 25th).
• Increase powers of authorities to take action against non compliant business.
Tough penalties:
Fines up to 4% of annual global revenue
or €20 million (whichever is greater)
Broad definition:
Personal data includes identifiers such as
digital/online, genetic, mental, cultural, biometric
Worldwide
Regulation also applies to non EU companies that process
personal data of individuals in the EU.
Cross Border Data transfer :
The international transfer of data will continue to be governed
under EU GDPR rules.
Affirmative Consent: obtaining consent for
processing personal data must be clear, context
based and must seek an affirmative response.
Data Subjects Access Rights : Data Subjects have the
right to be forgotten and erased from records. Users may
request a copy of personal data in a portable format…
8. 8
• Multiple subject areas
• Customer, Employee, Prospect, Citizen, Vendor…
• Emerging data types
• Internet of Things, Logs, Biometrics…
• Multiple jurisdictions
• EU, Canada, Australia, U.S….
• Rapidly changing regulations
• GDPR, CASL, HIPAA…
Global Data Privacy is Multi-Dimensional
9. 9
What’s Involved
GDPR – Helicopter Positioning
√
• Make sure your Data is
compliant
• Unleash your data for the
data subject access rights
?
• Identify, know and track your personal
data
• Protect your Data and foster
accountability
10. 10
Goal
Inventory your personal data
Establish policies
Protect your data
Track and trace consent
Engage your workforce
Open your data to your data subjects
What does GDPR mean for your
Data Management practices?
11. 11
Draw your Roadmap for GDPR Compliance
2
Build your Personal Data Hub
Know your Data
Reconcile your data
Regain control
1
Assess your Capabilities
Identify gaps
Assess risks
Define priorities and milestones
3Engage Compliance Initiatives
Consent Management
Anonymization
Rights of the data subject
13. 14
• Know where to find every data about every person (customer or employee)
• Collect and Store compliance related data (i.e. Consent status)
• Control who can access these data
• Trace who accessed these data
• Make sure you don’t lose this data
• Matching all this on a distributed environment is at least very challenging
What is expected?
14. 15
• Physical or virtual consolidation of every person’s data
• Data can be enriched with compliance related information
• Single place to control and trace access
• Automatically updated based on legacy source systems
• Can be used as data source for new applications
The case for a Personal Data Hub
15. 16
5 pillars for GDPR governance with MAPR & Talend
Map your
Personal Data
Build your
Data Subject
360°
Protect your most
Sensitive Data
Delegate
Accounta-
lities
Manage
Data Location,
Movement &
Portability
16. 17
GDPR article 4, 9 and 30
Create a Data Inventory for Compliance
Track & trace across
the information chain
Define your Personal
Data
Connect them to your
data sets
17. 18
• Based on data inventory, consolidate all data in a single place
• Document Databases are the perfect tool
• Referential integrity is mandatory : avoid manual processes
• ETL
• Change data capture
• Streaming/Real Time
• Closing the loop with source system might be needed for rights to
be forgotten/rectification
Build the 360° view of the data subject
18. 19
• Protecting data is an holistic approach
• Ensure that no data can be lost
• Protect against attacks or errors : MapR Snapshots
• Protect against disaster : MapR Remote Replication
• Ensure that only authorized people have access to data:
• Logical access control : ACEs and auditing
• Physical access control : in-flight and at-rest encryption
Protect personal data at infrastructure level
19. 20
Obfuscate data
for analytics
Article 5, 6, 11 and 32
Protect Personal data with Data Masking
Apply Data Masking
everywhere
Capture personal
footprints in your datasets
20. 21
Certify Data with
Self-Service Data Curation
Articles 4, 5, 6, 24, 25, 27
Foster accountability with Talend Data Preparation & Stewardship
Orchestrate collaborative
Governance
Discover datasets and
prepare data for integration
21. 22
Article 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
Respect the right of the data subject
…or deliver data services,
in real time
Deliver data on request,
in batch mode
22. 23
• Your business is global, so are your data
• Your governance has to be global too
• MapR Data Fabric gives you global control over your data
Manage Data Location
24. 25
“Over 80% of lost items
returned”
Air France-KLM aims delight customers with
personalized experience, Air France KLM
creates a complete 360° view of the
customer.
“The issue of security is addressed with Talend Data Quality since we process
some of our clients’ personal data and this data needs to be protected.
In addition, Talend Metadata Manager can determine ten times faster than
before where the data is located, when it is coming from, and where it is going.”
Damien Trinité, CRM Big Data Project Manager, Air France KLM
25. 26
MapR-FS
MapR Data Platform
MapR StreamsMapR-DB
Social Media
Converged Data Platform
Medical Info
Other PII
Banking Info
…
Ingest
Search
Data Map
Raise Alerts
…
Actions
Native Connectivity for the MapR Platform with Spark & Machine Learning
Track & Trace Capture & Connect Secure & Protect Certify & Curate Publish & Share
MapR + Talend architecture in a nutshell
26. 27
What’s next in your GDPR journey?
• Self-assess your readiness: http://talend.gdprevaluation.com/
• Learn more on our joint solution : https://mapr.com/resources/mapr-
talend-gdpr-solution-brief/
• Populate your personal data hub
• Set accountabilities & orchestrate collaborative data governance
• Operationalize GDPR governance (Consent, Data Subject Access Rights,
Data Protection and Anonymization…)
Questions?