7 Key GDPR Requirements &
the Role of Data Governance
Jonathan Adams, DATUM
Jonathan Adams
• Director of Research supporting customers in building governance discipline around analytics and regulatory compliance
• Certified CMMI Enterprise Data Management Expert (EDME)
• 20+ years of experience leading requirements, design and implementation efforts for retailers, financial organizations and federal agencies
Data is Everything – Personal Data is Everywhere
GDPR is … right around the corner
If you are just starting… How do I start?
• What is my risk exposure?
• What do I need to do NOW?!
If you are well on your way… How do you avoid the Minimum Viable (MV) Paradox?
• Doing the right thing, but doing it WRONG: you do just enough to be compliant and then stop; compliance hell!
• Doing the right thing AND doing it right: focus on building capabilities that scale and are robust, transparent and defensible.
Agenda:
• Quick overview of GDPR
• Critical first steps – what you need to do NOW
• Ensuring long-term, stress-free compliance (audit resilience)
Defining GDPR
GDPR is a comprehensive privacy regulation designed to protect the personal data of individuals within the European Union.
Objective:
• Give individuals control of their personal data
• Regulatory consistency across the EU
Impact:
• Covers the personal data of individuals in the EU regardless of where the organization collecting or processing it is located
• All US-based multinationals doing business with people in Europe will be impacted
• Fines are significant: up to 4% of global annual turnover (or €20 million, whichever is higher)
GDPR’s Impact on Companies
Any business (foreign or domestic) engaged with individuals within the EU is in scope.
The notion of Personal Information (PI) is broadly defined: any data that has the potential to identify a person living in Europe, directly or indirectly, falls under GDPR.
GDPR applies “horizontally” across the organization’s business components, and “vertically” at all decision-making levels.
GDPR applies across the complete value chain. Organizations are obligated to verify the compliance of the parties (in particular the processors) with which they do business.
GDPR requirements can be simplified by organizing around four core capability areas:
• People
• Partners
• Regulators
• Organization
The capability wheel on this slide groups the supporting capabilities around these four areas: Communication, Remediation, Certification, Risk Management, Consulting & Reporting, Organizational Alignment and Privacy by Design, with a Privacy Culture at the center.
People: The “owners” of Personal Information
Capabilities: Consent, Notification, Access, Forget, Quarantine, Package, Fix
Obligations:
• Need for greater detail and clarity when collecting data
• Consent must be explicit as to the use of data, how it will be processed, and by whom
• Notification of a breach to the affected individuals is required when it is likely to result in a high risk to them
Rights. Under GDPR individuals have the following rights:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights related to automated decision making and profiling
Organization: “Data Protection by Design”
Capabilities: Data Management, International Best Practices, Risk Management, Accountability
Obligations:
• Accountability – vertically, horizontally and externally
• A Data Protection Officer is required for public authorities and for organizations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data; in practice this covers many large companies
• Adherence to approved best-practice “Codes of Conduct” is a mitigating factor in enforcement action
• Assessment of risk will drive multiple decisions – it needs to be transparent and defensible
• Cross-border data exchanges do not obviate these requirements
Partners: A New Risk Dimension
Capabilities: Certification, Risk Management, Processor Compliance
Obligations:
• Transfers of Personal Information between your company and business partners do not transfer the responsibility to ensure it is safeguarded – it is still yours to look after
• Establish a way to ensure your partners are providing GDPR-level security
• Best-practice certifications that support third-party audits will streamline the assessment process and mitigate risk
• Due diligence and transparency are key to demonstrating accountability
Regulators: Communication is key
Capabilities: Consultation, Best Practices
Obligations:
• Notification is required in the event of a breach
• “Breach” is broadly defined: destruction, loss, alteration, unauthorized disclosure of, or access to, personal data
• Reporting to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals
• “Prior consultation” with the regulator is expected where an impact assessment shows a high risk that cannot be mitigated
• The Privacy Impact Assessment (the GDPR’s Data Protection Impact Assessment, DPIA) anchors the regulator and risk discussions
• Best practices will streamline these discussions
What do you need to do NOW?
Get a grip!
Catalog your Personal Information
“The first thing you have to know is yourself...” – Adam Smith
1. Identify data: PI collected, observed and derived
2. Catalog data: foundational to managing data
3. Describe data: tag it to answer compliance requirements
Understand Risk
Is your business model “risky”?
What is your risk tolerance?
What does your lawyer say?
Remember: your lawyer interprets the regulation; your executive leadership defines policy; your governance team builds auditable controls consistent with the policy shaped by that interpretation.
Build a Risk Model for transparency & defensibility
Confidential and Proprietary. Copyright© 2017. DATUM LLC
The risk model diagram on this slide links GDPR risk areas (the articles cited: 17(2), 32(1), 32(2), 33(1), 33(3), 34(1), 34(3), 35(1), 35(7)(c) and (d), 35(11), 49(1)(a)) to vulnerabilities “to [the] rights and freedoms of natural persons”, mitigation practices, risk governance, and risk analysis & metrics.
Best practices: COBIT; CMMI DMM; ISO 27001; NIST SP 800-61 …
Avoiding the Minimum Viable Paradox
Audit resilient? Focus on capabilities.
Compliance + Capability = Readiness
Do the Right Thing – Do it Right!
Best Practices Mitigate Risk
Aligning to recognized best-practice frameworks mitigates risk.
1. Pick a framework that works for you
2. Talk the talk – walk the walk
3. Promote within industry associations
Operating Model Builds Accountability
Actors & Roles:
• Who needs to be engaged in the Data Governance program?
• What are their roles?
Organizational Design:
• The ideal design for ‘data’ given organizational competencies
• What makes sense for the organization today?
• What is the vision given business goals?
Functions:
• The governance functions and teams
• What skill sets are required?
• What functions are performed?
• Where do we get those resources?
Methods:
• What level of automation should exist to support actors, roles and the functions they perform?
Change management is the challenge
The change-management cycle on this slide runs: Operating Model; Organizational Alignment; Mobilizing Cross-Functional Teams; Empowerment (with Rules and Tools); Outcome-focused Metrics; Accountability; Step-Change.
In the immortal words of Bill & Ted: Be Agile – it’s a journey!
Steps can be iterative:
• Not all data has to be cataloged on day one
• Not all processes have to be known on day one
• Have a plan
• Focus on demonstrable due diligence
• Build the solution ecosystem & governance framework that:
  • supports agile, iterative evolution of capabilities
  • shows early successes
Success
Thank You for Your Time!
• Any questions?
• Visit us at http://www.datumstrategy.com/gdpr-solution for more
information
• For the latest news follow us on Twitter at @datumstrategy
Confidential and Proprietary. Copyright© 2018. DATUM LLC

SlideShare deck: Enterprise Data World 2018

 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
FIA officials brutally tortured innocent and snatched 200 Bitcoins of worth 4...
FIA officials brutally tortured innocent and snatched 200 Bitcoins of worth 4...FIA officials brutally tortured innocent and snatched 200 Bitcoins of worth 4...
FIA officials brutally tortured innocent and snatched 200 Bitcoins of worth 4...
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 

Enterprise Data World 2018

  • 1. 7 Key GDPR Requirements & the Role of Data Governance Jonathan Adams, DATUM
  • 2. Jonathan Adams • Director of Research who supports customers in building governance discipline around analytics and regulatory compliance • Certified CMMI Enterprise Data Management Expert (EDME) • 20+ years of experience in leading requirements, design and implementation efforts for retailers, financial organizations and federal agencies
  • 3. Data is Everything – Personal Data is Everywhere
  • 4. GDPR is … Right around the corner
  • 5. If you are just starting… How do I start ? • What is my risk exposure? • What do I need to do NOW?!
  • 6. If you are well on your way … How do you avoid the MV Paradox? You do just enough to be compliant and then stop; compliance hell! Doing the right thing; but doing it WRONG! Focus on building capabilities that scale, are robust, transparent and defensible. Doing the right thing; AND doing it Right!
  • 7. Agenda: • Quick Overview of GDPR • Critical first steps – what you need to do NOW • Ensuring long term stress free compliance (Audit Resilience)
  • 8. Defining GDPR. GDPR is a comprehensive set of privacy regulations designed to protect data for individuals within the European Union. Objective: • Give individuals control of their personal data • Regulatory consistency across the EU. Impact: • Covers personal data collected in the EU regardless of where the data collector is located • All US-based multinationals doing business with people in Europe will be impacted • Fines are significant: up to 4% of global revenue
  • 9. GDPR’s Impact on Companies. Any business (foreign or domestic) engaged with individuals within the EU. The notion of Personal Information (PI) is broadly defined: data that has the potential to identify a person living in Europe falls under the GDPR. GDPR applies “horizontally” across the organization’s business components, and “vertically” at all decision-making levels. GDPR applies across the complete value chain. Organizations are obligated to verify the compliance of parties with which they do business.
  • 10. GDPR requirements can be simplified by organizing around four core capability areas: • People • Partners • Regulators • Organization. Diagram labels: Communication; Remediation; Certification; Risk Management; Consulting & Reporting; Organizational Alignment; Privacy by Design; Risk Management; Privacy Culture.
  • 11. People: The “owners” of Personal Information. Diagram labels: Forget; Quarantine; Package; Fix; Consent; Notification; Access. Obligations under GDPR: • Need for greater detail and clarity when collecting data • Consent must be explicit as to use of data, how it will be processed, and by whom • Notification of breach is required. Rights: individuals have the following rights: • To be Informed • To Access • To Rectify • To Erasure • To Restrict Processing • To Data Portability • To Object • Rights related to automated Decision Making and Profiling
  • 12. Organization: “Data Protection by Design”. Diagram labels: Data Management; International Best Practices; Risk Management; Accountability. Obligations: • Accountability – vertically, horizontally and externally • Data Protection Officer required for most large companies • Best practice “Codes of Conduct” mitigate against enforcement action • Assessment of risk will drive multiple decisions – it needs to be transparent and defensible • Cross-border data exchanges do not obviate requirements
  • 13. Partners: A New Risk Dimension. Diagram labels: Certification; Risk Management; Processor Compliance. Obligations: • Transfers of Personal Information between your company and business partners do not transfer the responsibility to ensure it is safeguarded – it is still yours to look after • Establish a way to ensure your partners are providing GDPR-level security • Best-practice certifications that support third-party audits will streamline the assessment process and mitigate risk • Due diligence and transparency are key to demonstrating diligence
  • 14. Regulators: Communication is key. Diagram labels: Consultation; Best Practices. Obligations: • Notification is required in the event of a breach • “Breach” is broadly defined: destruction, loss, alteration, unauthorized disclosure of, or access to, personal data • Reporting to regulators within 72 hours when a breach is likely to result in a risk to the rights and freedoms of individuals • “Prior Consultation” is an expectation • Privacy Impact Assessment anchors the regulator and risk discussions • Best Practices will streamline these discussions
  • 15. What do you need to do NOW?
  • 17. Catalog your Personal Information. “The first thing you have to know is yourself...” – Adam Smith. 1. Identify Data: PI: Collected, Observed, Derived 2. Catalog Data: Foundational to Managing Data 3. Describe Data: Tag to Answer Compliance Requirements
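One way to turn slide 17's identify / catalog / describe steps into something an auditor can query, with slide 14's 72-hour regulator deadline folded into a breach triage, as an added example in Python. This is not DATUM's code and nothing the deck ships: the element names, system names, tag set (origin, lawful basis, retention, identifying, special category) and the sample date are all constructed assumptions.

```python
"""Personal-information (PI) catalog with compliance tags.

Added example, not DATUM's code or anything from the deck. All system names,
element names and sample dates are constructed; the tag set is an assumption
chosen so the catalog can answer the deck's compliance questions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Iterable, Optional

# Constructed reference date for the stand-alone run and for retention checks.
SAMPLE_NOW = datetime(2018, 5, 25, tzinfo=timezone.utc)


class Origin(Enum):
    """Slide 17's three ways PI enters the organisation."""
    COLLECTED = "collected"  # supplied directly by the person (web form, contract)
    OBSERVED = "observed"    # captured from behaviour (IP address, clickstream)
    DERIVED = "derived"      # inferred by the organisation (segment, score)


@dataclass(frozen=True)
class PIElement:
    """One catalogued data element plus the tags that answer compliance questions."""
    name: str
    system: str                     # where it lives (hypothetical system names below)
    origin: Origin
    lawful_basis: Optional[str]     # "consent", "contract", "legal_obligation", ... or None if undocumented
    retention_days: int
    identifying: bool = True        # can this field identify a person on its own?
    special_category: bool = False  # health, biometric, etc.: higher risk if breached


class PICatalog:
    """The catalog is step 2 of slide 17; the queries below are the tag-driven step 3."""

    def __init__(self) -> None:
        self._elements: dict = {}

    def add(self, element: PIElement) -> None:
        if element.name in self._elements:
            raise ValueError(f"duplicate element {element.name!r}")
        self._elements[element.name] = element

    def missing_lawful_basis(self) -> list:
        """Elements held with no documented basis: a gap to close before an audit."""
        return sorted(n for n, e in self._elements.items() if e.lawful_basis is None)

    def by_origin(self, origin: Origin) -> list:
        """Elements that entered the organisation the given way."""
        return sorted(n for n, e in self._elements.items() if e.origin is origin)

    def erasure_blockers(self, names: Iterable[str]) -> dict:
        """Elements an erasure request cannot remove because a legal obligation
        requires keeping them (assumption: only that basis blocks erasure here)."""
        return {n: "legal_obligation" for n in names
                if self._elements[n].lawful_basis == "legal_obligation"}

    def retention_expired(self, name: str, stored_at: datetime, now: datetime) -> bool:
        """True when a record stored at `stored_at` has outlived the element's retention period."""
        return now - stored_at > timedelta(days=self._elements[name].retention_days)

    def breach_triage(self, affected: Iterable[str], detected_at: datetime) -> dict:
        """Summarise what a breach touched and the 72-hour regulator deadline slide 14 cites.
        Whether the breach is "likely to result in a risk" stays a human decision;
        the flags only surface the facts that decision needs."""
        elems = [self._elements[n] for n in affected]
        return {
            "systems": sorted({e.system for e in elems}),
            "identifying": any(e.identifying for e in elems),
            "special_category": any(e.special_category for e in elems),
            "report_by": detected_at + timedelta(hours=72),
        }


def build_sample_catalog() -> PICatalog:
    """Constructed sample entries; not any real organisation's inventory."""
    cat = PICatalog()
    cat.add(PIElement("email", "crm", Origin.COLLECTED, "consent", 730))
    cat.add(PIElement("invoice_address", "billing", Origin.COLLECTED, "legal_obligation", 3650))
    cat.add(PIElement("ip_address", "weblogs", Origin.OBSERVED, None, 90))
    cat.add(PIElement("churn_score", "analytics", Origin.DERIVED, "legitimate_interest", 365))
    cat.add(PIElement("health_note", "support", Origin.COLLECTED, "consent", 365,
                      special_category=True))
    return cat


if __name__ == "__main__":
    cat = build_sample_catalog()
    print("no documented basis:", cat.missing_lawful_basis())
    print("derived PI:", cat.by_origin(Origin.DERIVED))
    print("erasure blockers:", cat.erasure_blockers(["email", "invoice_address"]))
    print("ip_address expired:",
          cat.retention_expired("ip_address", SAMPLE_NOW.replace(month=1), SAMPLE_NOW))
    print("breach:", cat.breach_triage(["email", "health_note"], SAMPLE_NOW))
```

The queries are deliberately driven only by tags, so the same catalog answers a subject-access question (what do we hold, from which systems), an erasure request (what cannot be deleted and why) and a breach (what was exposed, by when the regulator must hear) without re-reading each system; that is the point of slide 17's "tag to answer compliance requirements" step.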
  • 18. Understand Risk Is your Business Model “risky”? What is your risk tolerance? What does your lawyer say? Remember – your lawyer interprets the regulation Your governance team builds auditable controls consistent with policy shaped by interpretation Your executive leadership defines policy
  • 19. Build a Risk Model for transparency & defensibility. Diagram labels: Vulnerabilities; GDPR Risk Areas: 17-2, 32-1, 32-2, 33-1, 33-3, 34-1, 34-3, 35-1, 35-7-c,d, 35-11, 49-1-a; Practices; Mitigation; Risk Governance; Risk Analysis & Metrics; “To [the] rights and freedoms of natural persons”. Best Practices: COBIT; CMMI DMM; ISO 27001; NIST 800-61 … Confidential and Proprietary. Copyright© 2017. DATUM LLC
  • 20. Avoiding the Minimum Viable Paradox
  • 22. Focus on Capabilities. Compliance + Capability = Readiness. Do the Right Thing – Do it Right!
  • 23. Best Practices Mitigate Risk. Aligning to Recognized Best Practice Frameworks Mitigates Risk. 1. Pick a Framework That Works for You 2. Talk the Talk – Walk the Walk 3. Promote within Industry Associations
  • 24. Operating Model Builds Accountability. Diagram labels: Actors & Roles; Organizational Design; Methods; Functions. • Who needs to be engaged in the Data Governance program? • What are their roles? • The ideal design for ‘data’ given organizational competencies • What makes sense for the organization today? • What is the vision given business goals? • The governance functions and Teams • What skill sets are required? • What functions are performed? • Where do we get those resources? • What level of automation should exist to support Actors, Roles and the functions they perform?
  • 25. Change management is the challenge. Diagram labels: Operating Model; Organizational Alignment; Mobilizing Cross-Functional Teams; Empowerment (with Rules and Tools); Outcome-focused Metrics; Accountability; Step-Change; Change Management
  • 26. In the immortal words of Bill & Ted
  • 27. Be Agile – it’s a journey! Steps can be iterative • All data does not have to be cataloged day one • All processes do not have to be known • Have a Plan • Focus on Demonstrable Due Diligence • The solution ecosystem & governance framework that: – Supports agile iterative evolution of capabilities – Shows early successes. Diagram label: Success
  • 28. Thank You for Your Time! • Any questions? • Visit us at http://www.datumstrategy.com/gdpr-solution for more information • For the latest news follow us on Twitter at @datumstrategy Confidential and Proprietary. Copyright© 2018. DATUM LLC