Kellyn Pot'Vin-Gorman presented on GDPR compliance. Some key points include:
- GDPR went into effect in May 2018 and covers any data belonging to an EU citizen.
- Fines for non-compliance can be up to 4% of annual revenue or €20 million.
- DBAs play a role in identifying critical data, auditing processes, and reporting on compliance.
- An AI tool assessed the privacy policies of 14 major companies and found they all failed to meet GDPR requirements.
- Achieving compliance requires security frameworks, data mapping, encryption, access controls, and dedicated teams.
3. Explore everything PASS has to offer
• Free online webinar events
• Free 1-day local training events
• Local user groups around the world
• Online special interest user groups
• Business analytics training
• Get involved
• Free Online Resources
• Newsletters
• PASS.org
4. Session evaluations
Your feedback is important and valuable.
3 Ways to Access:
• Download the GuideBook App and search: PASS Summit 2018
• Follow the QR code link displayed on session signage throughout the conference venue and in the program guide
• Go to passSummit.com
Submit by 5pm Friday, November 16th to win prizes.
5. Kellyn Pot’Vin-Gorman
Data Platform Architect at Microsoft, EDU Team
Former Technical Intelligence Manager, Delphix
• /kellyngorman
• @DBAKevlar
• kellyngorman
• Multi-platform DBA (Oracle, MSSQL, MySQL, Sybase, PostgreSQL, Informix…)
• Oracle ACE Director (Alumni)
• Oak Table Network Member
• Idera ACE Alumni 2018
• STEM education with Raspberry Pi and Python, including DevOxx4Kids, Oracle Education Foundation and TechGirls
• Former President, Rocky Mtn Oracle User Group
• Current President, Denver SQL Server User Group
• Linux and DevOps author, instructor and presenter.
• Blogger (http://dbakevlar.com), Twitter: @DBAKevlar
6. GDPR FAQs
• GDPR (General Data Protection Regulation) went into effect for world compliance with the EU requirements on May 25, 2018.
• Doesn’t just cover websites.
• Was put into effect in the EU in January 2017.
• Trivia:
• When did most of the EU start to panic about GDPR?
• When did most in the US start to panic about GDPR?
• What is the maximum fine if charged with violation of GDPR?
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf
7. The EU
• With Brexit, England will be leaving the EU.
• Who thought Norway WAS part of the EU?
• Who isn’t surprised that Switzerland isn’t part of the EU?
• What if citizens are traveling, staying or online?
8. What is GDPR Data?
• Standard Personal Data: Name, Address, Phone Number
• Identification Numbers: Social Security Numbers, IP Address
• Medical and Financial Information
• Cookies, Geo Tracking Info
9. What is GDPR Critical Data?
• Any data that belongs to an EU citizen.
• Name, address and/or phone number
• Email address or URL
• Banking Details
• Social Security Number
• Medical Information
• IP Address
• Posts on Social Media
10. Fines with GDPR Non-Compliance
The data breach penalties are either a fine of up to €10 million or 2% of annual revenue, or up to €20m or 4% of annual revenue.
11. What is the DBA’s Role in GDPR?
• You have the role of controller and protector of the data.
• You will be responsible for:
• Identifying critical data.
• Auditing and a process to continue to identify critical data.
• Formal process to update or remove critical data.
• Ability to report on GDPR compliance.
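One way a DBA could start on the "identifying critical data" task above, as an added example that is not from the presentation: a Python scan that samples column values and flags a subset of the slide 9 categories (email, IP address, Social Security Number, phone), falling back to column-name hints for names, addresses, banking and medical data. The SQLite tables, column names, regex formats and the 0.8 threshold are constructed assumptions.

```python
import re
import sqlite3

# Value patterns for a subset of the "critical data" categories on slide 9.
# Formats are assumptions: US-style SSN, IPv4 only, loose phone matching.
# Order matters: the first matching pattern wins, so the loose phone
# pattern is checked last (it would also match SSNs and IPv4 addresses).
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
VALUE_PATTERNS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$"),
    "ip_address": re.compile(rf"^(?:{_OCTET}\.){{3}}{_OCTET}$"),
    "ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
    "phone": re.compile(r"^\+?\d[\d\s().-]{7,}\d$"),
}

# Column-name hints for categories with no reliable value pattern.
NAME_HINTS = {
    "name": re.compile(r"(^|_)name$", re.I),
    "address": re.compile(r"addr", re.I),
    "banking": re.compile(r"iban|bank|account", re.I),
    "medical": re.compile(r"diagnos|medical|health", re.I),
}


def classify_column(values, threshold=0.8):
    """Return (category, ratio) when enough non-empty samples match one pattern."""
    samples = [str(v).strip() for v in values if v is not None and str(v).strip()]
    if not samples:
        return None, 0.0
    counts = {}
    for sample in samples:
        for category, pattern in VALUE_PATTERNS.items():
            if pattern.match(sample):
                counts[category] = counts.get(category, 0) + 1
                break
    if not counts:
        return None, 0.0
    best = max(counts, key=counts.get)
    ratio = counts[best] / len(samples)
    return (best, ratio) if ratio >= threshold else (None, ratio)


def scan_database(conn, sample_rows=200, threshold=0.8):
    """Sample every column of every user table and list likely critical data."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type='table' AND name NOT LIKE 'sqlite_%' ORDER BY name")]
    for table in tables:
        # Identifiers come from the catalog itself, not from user input.
        columns = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for column in columns:
            rows = conn.execute(
                f'SELECT "{column}" FROM "{table}" LIMIT ?', (sample_rows,))
            category, ratio = classify_column([r[0] for r in rows], threshold)
            basis = "values"
            if category is None:
                # Value sampling found nothing: fall back to the column name.
                category = next(
                    (c for c, p in NAME_HINTS.items() if p.search(column)), None)
                basis = "column name"
            if category:
                findings.append({"table": table, "column": column,
                                 "category": category, "basis": basis,
                                 "match_ratio": round(ratio, 2)})
    return findings


def build_sample_db():
    """Constructed sample data; column names deliberately hide their content."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, full_name TEXT, contact TEXT,
                                tax_ref TEXT, notes TEXT);
        CREATE TABLE web_sessions (session_id TEXT, client TEXT, landing_page TEXT);
    """)
    conn.executemany("INSERT INTO customers VALUES (?,?,?,?,?)", [
        (1, "Ada Example", "ada@example.com", "123-45-6789", "prefers email"),
        (2, "Bo Sample", "bo@example.org", "987-65-4321", None),
        (3, "Cy Test", "cy@example.net", "555-12-3456", "call after 5pm"),
    ])
    conn.executemany("INSERT INTO web_sessions VALUES (?,?,?)", [
        ("s1", "192.0.2.10", "/home"),
        ("s2", "198.51.100.7", "/pricing"),
        ("s3", "203.0.113.254", "/home"),
    ])
    return conn


if __name__ == "__main__":
    for finding in scan_database(build_sample_db()):
        print(finding)
```

Re-running the same scan on a schedule and comparing its findings with the previous run is one way to cover the "process to continue to identify critical data" item.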
13. GDPR Responsibility
• Although quite detailed, you must have the following to be compliant:
• The citizen has given consent to the processing of his or her personal data;
• You must have contractual obligations with an individual, or for tasks at the request of a data subject who is in the process of entering into a contract;
• It must comply with a data controller's legal obligations;
• It must protect the vital interests of a data subject or another individual;
• Must perform a task in the public interest or in official authority;
• It must be for legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject or her or his rights according to the Charter of Fundamental Rights (especially in the case of children).
14. “There is a general lack of agreement about what exactly GDPR compliance is…”
Graham Dufault, Senior Director for Public Policy, ACT | The App Association.
16. Claudette Meets GDPR Project
• Used an AI tool (Claudette) in June 2018 to automatically assess whether the privacy policies of 14 companies were compliant with GDPR.
• The companies (Amazon, Apple, Microsoft, WhatsApp, Twitter, Uber, AirBnB, Booking, Skyscanner, Netflix, Steam and Epic Games) were chosen as the most used services in a selection of sectors and as good examples.
• Claudette expected the compliance to be comprehensive of all information required by GDPR and comprehensible to anyone working with it.
• There was a golden standard devised, a model that Claudette used for the assessment.
• All fourteen companies failed the assessment.
https://www.beuc.eu/publications/beuc-x-2018-065_faq_-_artificial_intelligence_meets_gdpr.pdf
17. Claudette Lessons Learned
• None of the companies provided all the information required by GDPR.
• Data processing is continually at odds with how GDPR requirements assume it is.
• No banner agreement on a website conveys agreement to privacy policies for GDPR to a website (which we’ll cover more later on).
• Due to the complex wording and lacking information in policies, it’s almost impossible for any user to know what they’ve agreed to regarding their data privacy where GDPR is concerned.
https://www.beuc.eu/publications/beuc-x-2018-065_faq_-_artificial_intelligence_meets_gdpr.pdf
19. The Conundrum
• Companies are already strapped with standard regulatory requirements and security issues.
• Due to demands from SOX, HIPAA and PII
• GDPR has raised the profile of data privacy and cybersecurity to a buzzword within the C-level.
• The rise of the Chief Security Officer (CSO) has begun.
• By the May deadline, it was an $8 billion investment
20. This is a Technical Overview of Handling GDPR
So what can you do with GDPR to cover your ass(ets)?
23. Adopt Cybersecurity and Privacy Framework
• Use a common framework, approved as compliant with GDPR for policies and procedures.
• Have the buy-in from the entire IT department and the business owner.
• Well documented policies with clear and concise terminology of what is covered.
• As enhancements or new features are added, ensure that documentation is up to date.
25. Third Party Vendors
• Third party vendors must take appropriate steps to be GDPR compliant
• Data residing in their systems.
• Data in transit
• Shared with third parties or partners.
• As the source who collected the data is accountable, not the third party, this is as important as securing your own systems.
• Have a full contract stating what is covered by the GDPR agreement
26. Multi-factor authentication
Build it into EVERYTHING.
Consider incorporating secondary authentication into smart phones using smart unlocks and smart scans.
28. Having a Sign-off Agreement Isn’t Enough
• Many sites have GDPR agreements on their web portal or site.
• This is simply an agreement that says the customer knows the site collects personal identifying data.
This is not GDPR.
At the Web Tier, you must:
• Know what data is cached or stored at the web tier.
• Have a process to audit and remove if requested from the user.
• Have a way to track all of these procedures.
29. Data Mapping
• Diagrams must map where data is located and where it goes inside every data system in the company.
30. Client Applications
• Identify Where Data is Stored:
• Flat files, including workstation copies of MS Access, Excel and even Notepad.
• Consider adding encryption at the application and host level.
• Purge system of unnecessary copies that could result in a breach.
• Build audit procedures into transactional applications that will track GDPR data.
31. Analytics
• To enhance performance and ease visuals:
• Localized datasets in analytics tools
• A Tabular data model in an Analysis
Server is still data stored outside of
the source database.
• Know that data sets that are found
in analytics tools, (like Power BI)
may come from relational
databases, Access, Excel and CSV
files.
• Ease of access results in complex
auditing of analytics systems.
33. Form A GDPR Team
• Business User
• Application Support
• System Administrator
• Database Administrator
• Project Manager
34. How to Take on a GDPR Project
• Identify areas under GDPR
• Create outline of what data must be protected.
• Design processes and procedures to identify critical data.
• Use third party tools and features for auditing and mature tracking of
GDPR data.
• All team members MUST understand the importance of GDPR.
35. Data Vulnerabilities
• Data cached at application level and
available to users.
• Flat files that may support data,
along with keys that may be
vulnerable and used for encryption.
• Analytics Data and tabular models
that may store critical data
• Backups, data retained for records.
36. Categorizing Environments
All environments are not created equal.
• Treat applications and analytics
to the same requirements if
data is stored within.
• Don’t implement the same
solutions to development, test
and QA/Unit testing as staging
and production.
38. Encryption of Data - Production
• Obfuscates data with the use of encryption keys.
• Without the appropriate key and/or password, the data
is useless.
• Limits risk if data is breached outside the database, even if
the access is at the host level, as the data is still
encrypted.
• Beneficial when data is accessible from public networks
or websites.
• Does not replace security procedures at host and
application level.
39. Dynamic Data Masking - True Masking?
• Excellent to protect from data “above
the covers”
• Less acceptable in terms of breaches or
commandeered data environments.
Don’t rely on this solution for
enterprise data protection of critical,
GDPR requirements.
41. Irreversible Masking Data and Masking of Non-Prod
• Is different (PII, HIPAA, PCI, etc.), as it
renders the information useless from
a security standpoint, even if
a full copy of the database is breached.
• Resolves both the technical and
personal responsibility issue.
• The data can be masked before it
moves to non-production, removing
risk.
• As discussed, 80% of data on average
is non-production.
• Must have a robust discovery and
identification process.
• Masks all data and if it does it for
strings in data stores and flat files,
this is a bonus!
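One way to carry out the discovery and irreversible masking described on this slide before a flat-file extract moves to non-production, as an added Python example that is not from the presentation. The sample rows, the name-column list and the token format are constructed assumptions; the masking key exists only for the run, so equal values still line up across rows but cannot be mapped back.

```python
import csv, hashlib, hmac, io, re, secrets

# Constructed sample of a production flat-file extract (not real data).
PROD_CSV = """id,full_name,contact,notes
1,Ana Ruiz,ana.ruiz@example.com,called from +34 600 111 222
2,Tom Berg,tom.berg@example.com,prefers email tom.berg@example.com
3,Ana Ruiz,ana.ruiz@example.com,no notes
"""

# Discovery patterns; one alternation so masked output is never re-scanned.
PII = re.compile(r"(?P<email>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})"
                 r"|(?P<phone>\+?\d[\d ]{7,}\d)")
NAME_COLUMNS = {"full_name"}  # assumption: supplied by the data map


def discover(rows):
    """Scan every value and return {column: set of PII kinds found}."""
    found = {}
    for row in rows:
        for col, val in row.items():
            kinds = {m.lastgroup for m in PII.finditer(val)}
            if col in NAME_COLUMNS:
                kinds.add("name")
            if kinds:
                found.setdefault(col, set()).update(kinds)
    return found


def mask_rows(rows, key):
    """Replace PII with keyed one-way tokens; equal inputs get equal tokens."""
    def token(kind, value):
        digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]
        return f"{digest}@masked.invalid" if kind == "email" else f"{kind}-{digest}"

    masked = []
    for row in rows:
        new = {}
        for col, val in row.items():
            if col in NAME_COLUMNS:
                new[col] = token("name", val)
            else:
                new[col] = PII.sub(lambda m: token(m.lastgroup, m.group()), val)
        masked.append(new)
    return masked


def mask_extract(text):
    """Discover and mask one extract with a per-run key that is then dropped."""
    rows = list(csv.DictReader(io.StringIO(text)))
    key = secrets.token_bytes(32)  # never stored, so tokens cannot be mapped back
    return discover(rows), mask_rows(rows, key)
```

Free-text columns such as notes are where pattern-based discovery earns its keep: the e-mail address and phone number embedded there are masked along with the dedicated columns.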
47. Don’t Store These in the Database
• Encryption keys
• License keys
• Environment passwords and
directories
• AND Database Passwords
Passwords should never be in
clear text... ever.
Use Azure Key Vault
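A simple audit for the items on this slide, as an added Python example that is not from the presentation: it walks every table of a database and reports private key material and secret-named columns holding values that do not look like password hashes. The SQLite schema, table names and values are constructed, and the column-name and hash-prefix patterns are heuristic assumptions to tune per environment.

```python
import re
import sqlite3

PEM_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
# Output of common password hashers starts with a scheme marker such as $2b$.
HASHED = re.compile(r"^\$(?:2[aby]|argon2(?:id|i|d)|5|6|scrypt|pbkdf2[-\w]*)\$")
SECRET_COLUMN = re.compile(
    r"pass(word|wd)?|secret|license|api_?key|enc(ryption)?_?key", re.I)


def build_sample_db():
    """Constructed in-memory database standing in for an application schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE app_users (id INTEGER, login TEXT, password TEXT);
        INSERT INTO app_users VALUES
          (1, 'ana', '$argon2id$v=19$m=65536,t=3,p=4$c2FsdA$aGFzaA'),
          (2, 'tom', 'Summer2018!');
        CREATE TABLE app_config (name TEXT, value TEXT);
        INSERT INTO app_config VALUES
          ('theme', 'dark'),
          ('tls', '-----BEGIN RSA PRIVATE KEY----- (constructed)');
    """)
    return db


def scan(db):
    """Return sorted (table, column, finding) tuples for stored secrets."""
    findings = set()
    tables = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cur = db.execute(f'SELECT * FROM "{table}"')
        cols = [d[0] for d in cur.description]
        for row in cur:
            for col, val in zip(cols, row):
                if not isinstance(val, str):
                    continue
                if PEM_KEY.search(val):
                    findings.add((table, col, "private key material"))
                elif SECRET_COLUMN.search(col) and not HASHED.match(val):
                    findings.add((table, col, "clear-text secret"))
    return sorted(findings)
```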
48. Block Chain is Cool!
Not so much for GDPR
Blockchain is:
• Immutable digital ledger
• Stored in a block
• Added to a chain once verified
• Decentralized
This makes it very difficult for
GDPR procedures
50. The Future with Data Protection
• Eleven other states will have similar data
protection and breach notification laws going in
front of voters this election.
• There is an added complexity that it’s state
driven vs. federal (i.e., like the EU’s solution)
• July, 2018, Senator Mark Warner released a
position paper that’s gaining a lot of attention
and encompasses the major areas of GDPR.
• New companies who will make it their business
to audit companies, collect fines and profit from
part of this money that is agreed upon with the
EU.
• Google’s “Framework for Responsible Data
Protection Regulation” was released in
September, a month before the 500K breach.
More companies are expected to follow suit.
51. Half GDPR Compliance Doesn’t Make You Compliant
• A GDPR Security Team is a must for any company
• Identification of all GDPR data is essential
• Business users must understand the importance of
GDPR
• Most GDPR violations will be found to be
unintentional by users making copies from
secure systems.
• Analytics Environments and Block Chain create
complex challenges for GDPR
• Work to combine other security projects and
frameworks into one with GDPR, (CCPA, SOX, HIPAA,
etc.) to create efficiency.
52. Data is Central to GDPR
• Identify
• Secure
• Audit
• Track
• Remove
Databases: Not the only place data resides
• Big Data
• Analytics tools
• Application tier
53. Summary
Invest in policies that make sense and can grow with
the organization
Dedicate resources to GDPR, but combine them with
other security groups when possible.
Incorporate cybersecurity as the first line of defense.
Not all data obfuscation is the same.
Don’t treat all environments the same.
Data doesn’t just reside in the database.
54. Thank You
Learn more from Kellyn Pot’Vin-Gorman
@DBAKevlar kegorman@Microsoft.com