The document outlines a 5-step plan to become compliant with the GDPR and CCPA data protection laws:
1. Complete a Data Protection Impact Assessment to discover all personal data across systems.
2. Develop a remediation plan to encrypt personal data in key applications and files.
3. Begin remediation and testing by connecting encryption APIs to applications.
4. Ensure new personal data added is encrypted.
5. Prepare modified applications for production use after verifying no issues.
The goal is to protect personal data while maintaining business operations.
GDPR CCPA steps to near as close to compliancy as possible with low risk of fines and a catastrophic data breach
1. How to become GDPR & CCPA Compliant. Follow these steps to become sufficiently
compliant to avoid regulatory fines and public embarrassment brought about by a successful
data breach. Privacy by Design is what BigDataRevealed was built to deliver.
BigDataRevealed offers an application to assist in completing the following Steps
and was developed using only the most advanced languages and platforms; such as
Spark, Kafka, Java 8.0, Spring APIs, AngularJS, WildFly10, Apache Hadoop 3.1
and other advanced open source technologies, for the sole purpose of Data
Protection and Regulatory Requirements.
Our personal assessment is that most companies over
estimate their GDPR Readiness and haven’t developed
a viable plan or methodology to tackle the most
important aspect of Data Compliance; and that is
protecting their customer’s Personal Information. In
general, ‘protecting’ information has become
synonymous with encrypting personal information.
Hackers will always find a way to defeat your security
systems and obtain your data. However, that data will
have virtually no value to them, and cause no harm to
you, if the personal information is securely encrypted.
The ability to inform a customer of the information you
have collected about them, and the ability to remove
that information upon request, is important & complex,
but these two tasks are not the central tenet of GDPR.
Protecting customer’s Personal Information is what
GDPR is all about.
Following is a list of steps I feel will get you close enough
to GDPR, CCPA and most any Data Regulatory
compliancy, so that regulators will be satisfied you did
all that could be expected. In reality, becoming 100%
compliant could not be reasonably expected of any
larger company. We believe the following steps comprise
a viable plan for compliancy.
To better understand the process to allow customers to request
information you hold about them and to remove that information,
view our earlier post at
https://www.linkedin.com/pulse/symantecs-state-european-privacy-reort-found-90-believe-meister/
2. STEP 1. Complete a Data Protection Impact
Assessment (DPIA) in a Big Data Ecosystem. Big Data is
preferred so that your operational systems are not
degraded during the process and to minimize the
technical difficulties various data types present that Big
Data can easily handle.
Begin the DPIA by discovering the location of Personal Information in all your files.
You will want to search for patterns that identify data such as: National ID, Social
security, Driver’s License, Email, IP Addresses, Phone Numbers and hundreds more.
You will want a library containing all of these patterns that can be easily extended to
include any unique patterns or industry specific patterns you may need.
Centralize the following data sources into your Big Data Ecosystem: Legacy system
data, Office documents, PDFs, OCR documents, XML, Structured and Semi-Structured
Information and Many others. Images are supported by BigDataRevealed using Facial
and Object recognition software if applicable.
The DPIA process to discover Personal Information should include constructing a
Metadata Catalogue that will identify the location of Personal Information found in
every file processed by Row and Column. This information will become invaluable
when developing your Remediation Plan.
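A minimal sketch of the discovery pass described in STEP 1, added here as an example and not BigDataRevealed's own code: an extensible pattern library is run over a file and every hit is recorded in a catalogue by file, row and column. The pattern set, the function names and the sample extract are assumptions made for illustration.

```python
import csv
import io
import ipaddress
import re

def _valid_ip(text):
    # Regex alone accepts 999.1.1.1; confirm the candidate really parses.
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

# Illustrative pattern library: name -> (regex, optional validator).
PATTERNS = {
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None),
    "us_ssn": (re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), None),
    "us_phone": (re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)"), None),
    "ipv4": (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), _valid_ip),
}

def register_pattern(name, regex, validator=None):
    """Extend the library with an organisation- or industry-specific pattern."""
    PATTERNS[name] = (re.compile(regex), validator)

def scan_csv(file_name, text):
    """Return catalogue entries locating every hit by file, row and column."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    catalogue = []
    for row_no, row in enumerate(reader, start=1):  # data rows, header excluded
        for col_no, cell in enumerate(row):
            column = header[col_no] if col_no < len(header) else f"col{col_no}"
            for name, (regex, validator) in PATTERNS.items():
                for match in regex.finditer(cell):
                    if validator is None or validator(match.group()):
                        # Store the location only, never the matched value.
                        catalogue.append({"file": file_name, "row": row_no,
                                          "column": column, "pattern": name})
    return catalogue

# Constructed sample extract (not real data).
SAMPLE = """order_id,contact,notes,source_ip
1001,jane.doe@example.com,Call 555-867-5309 after 5pm,203.0.113.7
1002,n/a,SSN on file 123-45-6789,999.1.1.1
1003,n/a,version 1.2.3.4567 shipped,198.51.100.20
"""
```

Because the catalogue holds only locations and pattern names, it can be shared with the remediation team without itself becoming another store of personal information.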
STEP 2. Develop a Remediation PLAN.
- Using the Metadata developed in the DPIA (STEP 1) a team comprised of Product
Managers, Developers, Business Analysts and others must review which business
applications use the files where Personal Information was discovered. This
process needs to be thorough and accurate as it identifies which
files/applications are most vulnerable to hackers.
- Pay the greatest attention to files used in applications that are central to your
business practices or interact with your customers, such as: Point of Sale, Cash
Register, On-line Order Processing, Customer Service and Payment Processing.
You may even discover files that have no purpose and can be eliminated.
- The plan must address the following questions:
a. How will these applications continue to function once the data in the files
has been encrypted?
b. Is the best practice to use APIs to interface between the application and the
data files containing the encrypted data? BigDataRevealed can provide such
APIs.
c. Where will the decryption/encryption keys be securely located so that the
APIs can complete their function safely?
d. How will newly received data be encrypted as it enters these files from non-
application sources such as IoT, Social Media and other feeds?
Prioritize the files and applications that represent the greatest risk
to your organization and begin the remediation process with them.
3. STEP 3. Begin Remediation and testing.
- Developers/analysts will identify the ‘exit points’ from the high
priority applications that access data from a file containing personal
information. These ‘exit points’ will be where the
encryption/decryption APIs must be connected to the application.
This task will likely be the most labor intensive as there are no
application tools to assist in discovering ‘exit points’.
- In a test environment, complete the process of connecting the APIs to the
application.
- Extract data from the files identified above and load them into
BigDataRevealed.
- Run a Discovery Process for those extracted files to identify all Personal
Information contained in those files. (A fully automated process)
- Request Encryption to be completed on any or all of the columns containing
personal Information. (Fully automated).
- Upload the newly encrypted files into a test environment.
- Begin Testing
STEP 4. Adding/Updating data in an encrypted file.
In STEP 2, you identified where and how a file might receive new data,
via adding a new transaction or through a data feed. By connecting
the same APIs to exit points in the application where new transactions
are generated, or by using BigDataRevealed’s ability to process
streaming data ‘on the fly’ you can achieve ongoing compliance.
STEP 5. Prepare for Production
Before implementing the newly modified application tested in STEP 3
and STEP 4, you should verify that no other applications use data from files
that will become encrypted.
You are now ready to use BigDataRevealed to encrypt
production data and install the modified application and APIs in your
production environment.
You have now protected the personal information in your most valuable or vulnerable application,
and are ready to celebrate.
4. Other Compliance Considerations
BigDataRevealed’s Dashboards present to your operational staff the customers that have requested
their ‘Right of Information’ or their ‘Right of Erasure’, and for CCPA their ‘Right of Deletion’. Operational
staff can process each request separately, or group them together for efficiency reasons.
BigDataRevealed’s extensive Metadata Catalogue allows your operational staff to request extraction of
information for presentation to a customer, and then to remove that data if necessary. BigDataRevealed
groups the data according to each customer, thereby making it easy to present information to every
customer, even if that single customer was processed in a group of many other customers.
BigDataRevealed’s Metadata stores the file, Column names, Row location and other information, which
can be used in other metadata systems, by ETL Developers, DBAs and others to facilitate the deletion of
the Citizen’s data easily with the many legacy tools available.
BigDataRevealed’s comprehensive metadata Search Portal allows the user to
search for the necessary Metadata to fulfill the GDPR, CCPA and many other
Regulatory Requirements. It provides the ability to search the Metadata Library
and export data to an Excel spreadsheet using the following criteria:
- Date Ranges, Specific Personal Data Patterns, and Specific customers.
- Specific Types of Run, such as Pattern / Data Discovery, Business Classification.
Compliancy is an ongoing process, as data is constantly changing or
being inserted. So, you must ask: how does one stay Compliant?
a. You must confirm that a person’s prior right of erasure is being honored,
and that their personal information has not once again entered your
company’s Data Assets. A list of Citizens that have exercised their right of
Erasure must be maintained and used in all processes adding or updating
Personal Information.
b. Data can sneak its way into your Data Assets from varying sources:
i. IoT, website Orders, Cookies, Third Party Purchases of Data,
Restores from within the company or from Data Recovery
Facilities, Internal Employees, even hackers. There are limitless
ways Information is ingested into companies’ data assets.
ii. To reasonably remain compliant with an Erasure request or
Deletion request you must continually look for and discover
exposed personal information for these individuals.
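One way to apply the erasure list from item (a) at every ingestion point, added here as an example and not BigDataRevealed's own code. It assumes identifiers are normalised and stored as keyed hashes (HMAC-SHA256) so the list itself holds no cleartext; that storage choice, the key, the class name and the feed records are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Assumption: a constructed demo key; a real one would come from a key store.
SUPPRESSION_KEY = b"constructed-demo-key"

def normalize(kind, value):
    """Canonicalise an identifier so formatting differences cannot hide a match."""
    value = value.strip()
    if kind == "email":
        return value.lower()
    if kind == "phone":
        return re.sub(r"\D", "", value)
    return value

def token(kind, value):
    """Keyed hash of one identifier; the list never stores the cleartext."""
    message = f"{kind}:{normalize(kind, value)}".encode()
    return hmac.new(SUPPRESSION_KEY, message, hashlib.sha256).hexdigest()

class ErasureList:
    def __init__(self):
        self._tokens = set()

    def record_erasure(self, identifiers):
        """Register every known identifier of a person who requested erasure."""
        self._tokens.update(token(k, v) for k, v in identifiers.items() if v)

    def screen(self, records):
        """Split incoming records into (accepted, blocked) before they are stored."""
        accepted, blocked = [], []
        for record in records:
            hit = any(token(k, v) in self._tokens
                      for k, v in record["identifiers"].items() if v)
            (blocked if hit else accepted).append(record)
        return accepted, blocked

# Constructed feed records (not real data) from the kinds of sources listed above.
FEED = [
    {"source": "iot", "identifiers": {"email": " Jane.Doe@Example.com "}},
    {"source": "third_party", "identifiers": {"phone": "555.867.5309", "email": ""}},
    {"source": "web_order", "identifiers": {"email": "sam@example.org"}},
]
```

Blocked records are the ones to quarantine and review, since a match means an erased person's data is about to re-enter the data assets.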
5. BigDataRevealed’s Comprehensive Metadata Catalogs are
invaluable in becoming nearly Compliant for GDPR, CCPA or others.
After reading this document, or discussing your company’s overall data environment with us,
you will understand that becoming 100% compliant might not be attainable for any company.
There is no obvious threshold to reach in order to believe you are compliant; and the nature
of your business may make it far more difficult for you to reach than for another company.
However, regulators will be expecting you to articulate your plans and accomplishments
while explaining the obstacles that are unique to you. Some of these obstacles are:
1. Operational/Production systems that are from vendors that are out of business and
NO Exit points exist to attach Spring APIs to perform encryption and decryption
functions.
2. An Operational/Production system is from a vendor that can’t provide assistance to
identify Exit Points.
3. Some of your Legacy systems are old or poorly constructed and identifying Exit Points
is extremely difficult.
4. Many other technical issues may take time to correct for proper
encryption/decryption processes to accurately and safely take place while not stifling
your business.
During this period of becoming compliant, a company may wish to run several Extensive
DPIAs to prove to Regulatory Agencies and Courts that they have done what is possible and
have made progress. The company should prepare a timeline showing ongoing increases in
the percent of Citizens’ Personal Data being protected.
BigDataRevealed believes we have the most comprehensive technology able to deliver
Compliancy by Design and allow companies to reach their maximum potential in Data
Protection and Regulatory Compliance and do so with the most automation, and at an
affordable price point.
Here is the CCPA / GDPR 3 Day Training PowerPoint - https://www.slideshare.net/StevenMeister/ccpa-and-gdpr-three-day-training-with-actual-deliverables-and-the-whys-and-hows-to-do-so
847-440-4439
https://www.youtube.com/channel/UC3F-qrvOIOwDj4ZKBMmoTWA?view_as=subscriber
GDPR 16 page PPT Plan - https://www.slideshare.net/StevenMeister/gdpr-ccpa-automated-compliance-spark-java-application-features-and-functions-of-big-datarevealed-april-version-35
https://youtu.be/JGoQwoicUxw
Comprehensive Metadata Catalog Video for GDPR / CCPA - https://youtu.be/xryESgfzRcc