Kellyn Pot’Vin-Gorman,
DevOps Engineer and now Data Platform Architect in Power BI and AI
at Microsoft
GDPR- The Buck Stops Here
Download the GuideBook App and
search: PASS Summit 2018
• /kellyngorman
• @DBAKevlar
• kellyngorman
Kellyn Pot’Vin-Gorman
Data Platform Architect at Microsoft, EDU Team
Former Technical Intelligence Manager, Delphix
• Multi-platform DBA, (Oracle, MSSQL, MySQL,
Sybase, PostgreSQL, Informix…)
• Oracle ACE Director, (Alumni)
• Oak Table Network Member
• Idera ACE Alumni 2018
• STEM education with Raspberry Pi and Python,
including DevOxx4Kids, Oracle Education
Foundation and TechGirls
• Former President, Rocky Mtn Oracle User
Group
• Current President, Denver SQL Server User
Group
• Linux and DevOps author, instructor and
presenter.
• Blogger, (http://dbakevlar.com) Twitter:
@DBAKevlar
GDPR FAQs
• GDPR, (General Data Protection Regulation) went into effect for world
compliance to the EU requirements on May 25, 2018.
• Doesn’t just cover websites.
• Was put into effect in the EU in January 2017.
• Trivia-
When did most of EU start to panic about GDPR?
When did most in the US start to panic about GDPR?
What is the maximum fine if charged with violation of GDPR?
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-
recommendation/files/2014/wp216_en.pdf
The EU
• With Brexit, England will be
leaving the EU.
• Who thought Norway WAS
part of the EU?
• Who isn’t surprised that
Switzerland isn’t part of the
EU?
• What if citizens are traveling, staying or online?
What is GDPR Data?
• Standard Personal Data: Name, Address, Phone Number
• Identification Numbers: Social Security Numbers, IP Address
• Medical and Financial Information
• Cookies, Geo Tracking Info
What is GDPR Critical Data?
• Any data that belongs to an EU citizen.
• Name, address and/or phone number
• Email address or URL
• Banking Details
• Social Security Number
• Medical Information
• IP Address
• Posts on Social Media
Fines with GDPR Non-Compliance
The data breach penalties are either a fine of up to €10 million
or 2% of annual revenue, or up to €20m or 4% of annual
revenue.
What is the DBA’s Role in GDPR?
• You have the role of controller and protector of the data.
• You will be responsible for:
• Identifying critical data.
• Auditing and a process to continue to identify critical data.
• Formal process to update or remove critical data.
• Ability to report on GDPR compliance.
How Are We
Doing?
GDPR Responsibility
• Although quite detailed, you must have the following to be compliant:
• The citizen has given consent to the processing of his or her personal data;
• You must have contractual obligations with an individual, or for tasks at the request of a data
subject who is in the process of entering into a contract;
• It must comply with a data controller's legal obligations;
• It must protect the vital interests of a data subject or another individual;
• Must perform a task in the public interest or in official authority;
• It must be for legitimate interests of a data controller or a third party, unless these interests are
overridden by interests of the data subject or her or his rights according to the Charter of
Fundamental Rights (especially in the case of children).
“There is a general lack of agreement about what exactly
GDPR compliance is…”
Graham Dufault,
Senior Director for Public Policy
ACT | The App Association.
Responsibility
Companies must provide REASONABLE levels
of data protection-
what does this mean?
Claudette Meets GDPR Project
• Used an AI tool, (Claudette) in June, 2018, to assess automatically whether privacy policies
were compliant for GDPR for 14 companies
• The companies, (Amazon, Apple, Microsoft, WhatsApp, Twitter, Uber, AirBnB, Booking,
Skyscanner, Netflix, Steam and Epic Games) were chosen as the most used services in a
selection of sectors and as good examples.
• Claudette expected the compliance to be comprehensive of all required information to GDPR
and comprehensible to anyone working with it.
• There was a golden standard devised, a model that Claudette used for the assessment.
• All fourteen companies failed the assessment.
https://www.beuc.eu/publications/beuc-x-2018-065_faq_-_artificial_intelligence_meets_gdpr.pdf
Claudette Lessons Learned
• None of the companies provided all the information required by GDPR
• Data processing is continually at odds with how GDPR requirements assume
it is.
• No banner agreement on a website conveys agreement to privacy policies for
GDPR to a website, (which we’ll cover more later on.)
• Due to the complex wording and lacking information in policies, it’s almost
impossible for any user to know what they’ve agreed to regarding their data
privacy where GDPR is concerned.
https://www.beuc.eu/publications/beuc-x-2018-065_faq_-_artificial_intelligence_meets_gdpr.pdf
Introduction to Claudette
http://www.claudette.eu/gdpr/
The Conundrum
• Companies are already strapped with standard regulatory
requirements and security issues.
• Due to demands from SOX, HIPAA and PII
• GDPR has raised the profile of data privacy and cybersecurity to a
buzzword within the C-level.
• The rise of the Chief Security Officer, (CSO) has begun.
• By the May deadline, it was an $8 billion investment
This is a Technical Overview of Handling GDPR
So what can you do with GDPR to cover your ass(ets)?
Microsoft
Takes it
Seriously
https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted
Security
Adopt Cybersecurity and Privacy Framework
• Use a common framework, approved as compliant with GDPR for
policies and procedures.
• Have the buy in from the entire IT department and the business
owner.
• Well documented policies with clear and concise terminology of
what is covered.
• As enhancements or new features are added, ensure that
documentation is up to date.
Cyber Security Tools
www.microsoft.com/sir
Third Party Vendors
• Third party vendors must take appropriate steps to be GDPR
compliant
• Data residing in their systems.
• Data in transit
• Shared with third parties or partners.
• As the source who collected the data is accountable, not the third
party, this is as important as securing your own systems.
• Have a full contract stating what is covered by the GDPR
agreement
Multi-factor authentication
Build it into EVERYTHING.
Consider incorporating secondary
authentication into smart phones using
smart unlocks and smart scans.
Applications and
Websites
Having a Sign-off Agreement Isn’t enough
• Many sites have GDPR agreements on their web portal or site.
• This is simply an agreement that says the customer knows the site collects
personal identifying data.
This is not GDPR
At the Web Tier, you must
• Know what data is cached or stored at the web tier.
• Have a process to audit and remove if requested from the user.
• Have a way to track all of these procedures.
Data Mapping
• Diagrams must map where
data is located and where
it goes inside every data
system in the company.
Client
Applications
• Identify Where Data is Stored:
• Flat files, including workstation copies of MS
Access, Excel and even Notepad.
• Consider adding encryption at the
application and host level.
• Purge system of unnecessary copies that
could result in a breach.
• Build audit procedures into transactional
applications that will track GDPR data.
Analytics
• To enhance performance and ease
visuals-
• Localized datasets in analytics tools
• A Tabular data model in an Analysis
Server is still data stored outside of
the source database.
• Know that data sets that are found
in analytics tools, (like Power BI)
may come from relational
databases, Access, Excel and CSV
files.
• Ease of access results in complex
auditing of analytics systems.
How Will You
Accomplish This?
Form A GDPR Team
• Business User
• Application Support
• System Administrator
• Database Administrator
• Project Manager
How to Take on a GDPR Project
• Identify areas under GDPR
• Create outline of what data must be protected.
• Design processes and procedures to identify critical data.
• Use third party tools and features for auditing and mature tracking of
GDPR data.
• All team members MUST understand the importance of GDPR.
Data Vulnerabilities
• Data cached at application level and
available to users.
• Flat files that may support data,
along with keys that may be
vulnerable and used for encryption.
• Analytics Data and tabular models
that may store critical data
• Backups, data retained for records.
Categorizing
Environments
All environments are not created
equal.
• Treat applications and analytics
to the same requirements if
data is stored within.
• Don’t implement the same
solutions to development, test
and QA/Unit testing as staging
and production.
Confidential data
Exposure
Production
Non-production
Encryption of
Data-
Production
• Obfuscates data with the use of encryption keys.
• Without the appropriate key and/or password, the data
is useless.
• Limits risk if data is breached outside the data, even if
the access is at the host level, as the data is still
encrypted.
• Beneficial when data is accessible from public networks
or websites.
• Does not replace security procedures- at host and
application level.
Dynamic Data
Masking- True
Masking?
• Excellent to protect from data “above
the covers”
• Less acceptable in terms of breaches or
commandeered data environments.
Don’t rely on this solution for
enterprise data protection of critical,
GDPR requirements.
Dynamic Architecture
https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-2017
[Figure: dynamic data masking architecture. Values shown: 432-22-9874 and 432-XX-XXXX. Labels: Teachers, Admissions, Masking Functions, Masking Policies.]
Irreversible
Masking Data
and Masking of
Non-Prod
• Is different, (PII, HIPAA, PCI, etc.) as it
renders the information useless from
a security standpoint, even if there is
a full copy of the database breached.
• Resolves both the technical and
personal responsibility issue.
• The data can be masked before it
moves to non-production, removing
risk.
• As discussed, 80% of data on average
is non-production.
• Must have a robust discovery and
identification process.
• Masks all data and if it does it for
strings in data stores and flat files,
this is a bonus!
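The difference between the two masking slides above, as an added example that is not from the original deck or from any product it names: read-time (dynamic) masking leaves the stored value intact, while irreversible masking rewrites the copy before it moves to non-production. The CSV rows, the column-name hints, the role set and the keyed-HMAC substitution are assumptions made for illustration; the SSN and the role names are the ones shown on the dynamic masking slide.

```python
import csv
import hashlib
import hmac
import io
import re
import secrets

# Constructed sample extract (not real data); row 3 repeats the person in row 1.
PROD_CSV = """student_id,name,ssn,email,grade
1,Ana Ruiz,432-22-9874,ana.ruiz@example.edu,A
2,Lee Chan,511-40-1209,lee.chan@example.edu,B
3,Ana Ruiz,432-22-9874,ana.ruiz@example.edu,C
"""

SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
NAME_HINTS = {"name", "full_name", "first_name", "last_name"}  # assumed naming
UNMASKED_ROLES = {"Admissions"}  # assumed: the role allowed to see real values


def load(text):
    """Parse a flat-file extract into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def discover(rows):
    """Discovery step: classify columns by value pattern, then by name hint."""
    found = {}
    for col in rows[0]:
        values = [r[col] for r in rows if r[col]]
        if values and all(SSN_RE.fullmatch(v) for v in values):
            found[col] = "ssn"
        elif values and all(EMAIL_RE.fullmatch(v) for v in values):
            found[col] = "email"
        elif col.lower() in NAME_HINTS:
            found[col] = "name"
    return found


def dynamic_view(rows, role, columns):
    """Read-time masking: returns a masked copy; the stored rows never change."""
    if role in UNMASKED_ROLES:
        return [dict(r) for r in rows]
    show = {
        "ssn": lambda v: v[:4] + "XX-XXXX",
        "email": lambda v: v[:1] + "XXX@XXXX.com",
        "name": lambda v: "xxxx",
    }
    return [
        {c: (show[columns[c]](v) if c in columns else v) for c, v in r.items()}
        for r in rows
    ]


def _substitute(kind, value, key):
    """Derive a same-format stand-in from a keyed HMAC of the real value."""
    digest = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()
    if kind == "ssn":
        n = f"{int(digest[:15], 16) % 10**9:09d}"
        return f"{n[:3]}-{n[3:5]}-{n[5:]}"
    if kind == "email":
        return f"user_{digest[:10]}@masked.invalid"
    return f"Person {digest[:8]}"


def mask_irreversibly(rows, columns, key):
    """Rewrite discovered columns. Equal inputs map to equal outputs within one
    run, so joins still work; once the key is discarded nothing maps back."""
    return [
        {c: (_substitute(columns[c], v, key) if c in columns and v else v)
         for c, v in r.items()}
        for r in rows
    ]


if __name__ == "__main__":
    store = load(PROD_CSV)
    cols = discover(store)
    print("discovered:", cols)
    print("Teachers see:", dynamic_view(store, "Teachers", cols)[0]["ssn"])
    print("still stored:", store[0]["ssn"])  # a copied store still leaks this
    key = secrets.token_bytes(32)  # per-run key, never written anywhere
    for row in mask_irreversibly(store, cols, key):
        print(row)
```

Name columns are found here only by column-name hint, which is the weak point a real discovery process has to cover with metadata or dictionaries.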
Irreversible Masking Products
https://www.trustradius.com/data-masking-software
Demo
Data Virtualization, On-Prem with Masking
Source
8 TB database
Masking Engine
Application Server
File Server
Confidential Data with Masking
Exposure
Production
Non-production
Encryption
Mask
Solution
The Kitchen Sink
Don’t Store These in the
Database
• Encryption keys
• License keys
• Environment passwords and
directories
• AND Database Passwords
Passwords should never be in
clear text….ever.
Use Azure Key Vault
Block Chain is
Cool!
Not so much for GDPR
Blockchain is-
• Immutable digital ledger
• Stored in a block
• Added to a chain once verified
• Decentralized
This makes it very difficult for
GDPR procedures
Blockchain Requires Unique Procedures
The Future with Data
Protection
• Eleven other states will have similar data
protection and breach notification laws going in
front of voters this election.
• There is an added complexity that it’s state
driven vs. federal, (i.e. like EU’s solution)
• July, 2018, Senator Mark Warner released a
position paper that’s gaining a lot of attention
and encompasses the major areas of GDPR.
• New companies who will make it their business
to audit companies, collect fines and profit from
part of this money that is agreed upon with the
EU.
• Google’s “Framework for Responsible Data
Protection Regulation” was released in
September, a month before the 500K breach.
More companies are expected to follow suit.
Half GDPR
Compliance
Doesn’t Make
You Compliant
• A GDPR Security Team is a must for any company
• Identification of all GDPR data is essential
• Business users must understand the importance of
GDPR
• Most GDPR violations will be found to be
unintentional by users making copies from
secure systems.
• Analytics Environments and Block Chain create
complex challenges for GDPR
• Work to combine other security projects and
frameworks into one with GDPR, (CCPA, SOX, HIPAA,
etc.) to create efficiency.
Data is Central to GDPR
• Identify
• Secure
• Audit
• Track
• Remove
Databases
• Big Data
• Analytics tools
• Application tier
Not the only place data resides
Summary
Invest in policies that make sense and can grow with
the organization
Dedicate resources to GDPR, but combine them with
other security groups when possible.
Incorporate cybersecurity as the first line of defense.
Not all data obfuscation is the same.
Don’t treat all environments the same.
Data doesn’t just reside in the database.
Thank You
Learn more from Kellyn Pot’Vin-Gorman
@DBAKevlar kegorman@Microsoft.com

Oracle on Azure IaaS 2023 Update
 
IaaS for DBAs in Azure
IaaS for DBAs in AzureIaaS for DBAs in Azure
IaaS for DBAs in Azure
 
Being Successful with ADHD
Being Successful with ADHDBeing Successful with ADHD
Being Successful with ADHD
 
Azure DBA with IaaS
Azure DBA with IaaSAzure DBA with IaaS
Azure DBA with IaaS
 
Turning ADHD into "Awesome Dynamic Highly Dependable"
Turning ADHD into "Awesome Dynamic Highly Dependable"Turning ADHD into "Awesome Dynamic Highly Dependable"
Turning ADHD into "Awesome Dynamic Highly Dependable"
 
PASS Summit 2020
PASS Summit 2020PASS Summit 2020
PASS Summit 2020
 
DevOps in Silos
DevOps in SilosDevOps in Silos
DevOps in Silos
 
Azure Databases with IaaS
Azure Databases with IaaSAzure Databases with IaaS
Azure Databases with IaaS
 
How to Win When Migrating to Azure
How to Win When Migrating to AzureHow to Win When Migrating to Azure
How to Win When Migrating to Azure
 
Securing Power BI Data
Securing Power BI DataSecuring Power BI Data
Securing Power BI Data
 
Cepta The Future of Data with Power BI
Cepta The Future of Data with Power BICepta The Future of Data with Power BI
Cepta The Future of Data with Power BI
 
Pass Summit Linux Scripting for the Microsoft Professional
Pass Summit Linux Scripting for the Microsoft ProfessionalPass Summit Linux Scripting for the Microsoft Professional
Pass Summit Linux Scripting for the Microsoft Professional
 
Taming the shrew Power BI
Taming the shrew Power BITaming the shrew Power BI
Taming the shrew Power BI
 
PASS 24HOP Linux Scripting Tips and Tricks
PASS 24HOP Linux Scripting Tips and TricksPASS 24HOP Linux Scripting Tips and Tricks
PASS 24HOP Linux Scripting Tips and Tricks
 
Power BI with Essbase in the Oracle Cloud
Power BI with Essbase in the Oracle CloudPower BI with Essbase in the Oracle Cloud
Power BI with Essbase in the Oracle Cloud
 
ODTUG Leadership Talk- WIT and Sponsorship
ODTUG Leadership Talk-  WIT and SponsorshipODTUG Leadership Talk-  WIT and Sponsorship
ODTUG Leadership Talk- WIT and Sponsorship
 
Taming the shrew, Optimizing Power BI Options
Taming the shrew, Optimizing Power BI OptionsTaming the shrew, Optimizing Power BI Options
Taming the shrew, Optimizing Power BI Options
 

Recently uploaded

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 

Recently uploaded (20)

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 

GDPR- The Buck Stops Here

  • 1. Kellyn Pot’Vin-Gorman, DevOps Engineer and now Data Platform Architect in Power BI and AI at Microsoft GDPR- The Buck Stops Here
  • 3. Free online webinar events Free 1-day local training events Local user groups around the world Online special interest user groups Business analytics training Get involved Explore everything PASS has to offer Free Online Resources Newsletters PASS.org
  • 4. Download the GuideBook App and search: PASS Summit 2018 Follow the QR code link displayed on session signage throughout the conference venue and in the program guide Session evaluations Your feedback is important and valuable. Go to passSummit.com 3 Ways to Access: Submit by 5pm Friday, November 16th to win prizes.
  • 5. • /kellyngorman • @DBAKevlar • kellyngorman Kellyn Pot’Vin-Gorman Data Platform Architect at Microsoft, EDU Team Former Technical Intelligence Manager, Delphix • Multi-platform DBA, (Oracle, MSSQL, MySQL, Sybase, PostgreSQL, Informix…) • Oracle ACE Director, (Alumni) • Oak Table Network Member • Idera ACE Alumni 2018 • STEM education with Raspberry Pi and Python, including DevOxx4Kids, Oracle Education Foundation and TechGirls • Former President, Rocky Mtn Oracle User Group • Current President, Denver SQL Server User Group • Linux and DevOps author, instructor and presenter. • Blogger, (http://dbakevlar.com) Twitter: @DBAKevlar
  • 6. GDPR FAQs • GDPR, (General Data Protection Regulations) went into effect for world compliance to the EU requirements on May 25, 2018. • Doesn’t just cover websites. • Was put into effect in the EU on January 2017. • Trivia- When did most of EU start to panic about GDPR? When did most in the US start to panic about GDPR? What is the maximum fine if charged with violation of GDPR? http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf
  • 7. The EU • With Brexit, England will be leaving the EU. • Who thought Norway WAS part of the EU? • Who isn’t surprised that Switzerland isn’t part of the EU? • What if citizens are traveling, staying or online?
  • 8. What is GDPR Data? Standard Personal Data: Name, Address, Phone Number Identification Numbers: Social Security Numbers, IP Address Medical and Financial Information Cookies, Geo Tracking Info
  • 9. What is GDPR Critical Data? • Any data that belongs to an EU citizen. • Name, address and/or phone number • Email address or URL • Banking Details • Social Security Number • Medical Information • IP Address • Posts on Social Media
  • 10. Fines with GDPR Non-Compliance The data breach penalties are either a fine of up to €10 million or 2% of annual revenue, or up to €20m or 4% of annual revenue.
  • 11. What is the DBA’s Role in GDPR? • You have the role of controller and protector of the data. • You will be responsible for: • Identifying critical data. • Auditing and a process to continue to identify critical data. • Formal process to update or remove critical data. • Ability to report on GDPR compliance.
  • 13. GDPR Responsibility • Although quite detailed, you must have the following to be compliant: • The citizen has given consent to the processing of his or her personal data; • You must have contractual obligations with an individual, or for tasks at the request of a data subject who is in the process of entering into a contract; • It must comply with a data controller's legal obligations; • It must protect the vital interests of a data subject or another individual; • Must perform a task in the public interest or in official authority; • It must be for legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject or her or his rights according to the Charter of Fundamental Rights (especially in the case of children).
  • 14. “There is a general lack of agreement about what exactly GDPR compliance is…” Graham Dufault, Senior Director for Public Policy ACT | The App Association.
  • 15. Responsibility Companies must provide REASONABLE levels of data protection- what does this mean?
  • 16. Claudette Meets GDPR Project • Used an AI tool, (Claudette) in June, 2018, to assess automatically whether privacy policies were compliant for GDPR for 14 companies • The companies, (Amazon, Apple, Microsoft, WhatsApp, Twitter, Uber, AirBnB, Booking, Skyscanner, Netflix, Steam and Epic Games) were chosen as the most used services in a selection of sectors and as good examples. • Claudette expected the compliance to be comprehensive of all required information to GDPR and comprehensible to anyone working with it. • There was a golden standard devised, a model that Claudette used for the assessment. • All fourteen companies failed the assessment. https://www.beuc.eu/publications/beuc-x-2018-065_faq_-_artificial_intelligence_meets_gdpr.pdf
  • 17. Claudette Lessons Learned • None of the companies provided all the information required by GDPR • Data processing is continually at odds with how GDPR requirements assume it is. • No banner agreement on a website conveys agreement to privacy policies for GDPR to a website, (which we’ll cover more later on.) • Due to the complex wording and lacking information in policies, it’s almost impossible for any user to know what they’ve agreed to regarding their data privacy where GDPR is concerned. https://www.beuc.eu/publications/beuc-x-2018-065_faq_-_artificial_intelligence_meets_gdpr.pdf
  • 19. The Conundrum • Companies are already strapped with standard regulatory requirements and security issues. • Due to demands from SOX, HIPAA and PII • GDPR has raised the profile of data privacy and cybersecurity to a buzzword within the C-level. • The rise of the Chief Security Officer, (CSO) has begun. • By the May deadline, it was an $8 billion investment
  • 20. This is a Technical Overview of Handling GDPR So what can you do with GDPR to cover your ass(ets)?
  • 23. Adopt Cybersecurity and Privacy Framework • Use a common framework, approved as compliant with GDPR for policies and procedures. • Have the buy in from the entire IT department and the business owner. • Well documented policies with clear and concise terminology of what is covered. • As enhancements or new features are added, ensure that documentation is up to date.
  • 25. Third Party Vendors • Third party vendors must take appropriate steps to be GDPR compliant • Data residing in their systems. • Data in transit • Shared with third parties or partners. • As the source who collected the data is accountable, not the third party, this is as important as securing your own systems. • Have a full contract stating what is covered by the GDPR agreement
  • 26. Multi-factor authentication Build it into EVERYTHING. Consider incorporating secondary authentication into smart phones using smart unlocks and smart scans.
  • 28. Having a Sign-off Agreement Isn’t enough • Many sites have GDPR agreements on their web portal or site. • This is simply an agreement that says the customer knows the site collects personal identifying data. This is not GDPR At the Web Tier, you must • Know what data is cached or stored at the web tier. • Have a process to audit and remove if requested from the user. • Have a way to track all of these procedures.
  • 29. Data Mapping • Diagrams must map where data is located and where it goes inside every data system in the company.
  • 30. Client Applications • Identify Where Data is Stored: • Flat files, including workstation copies of MS Access, Excel and even Notepad. • Consider adding encryption at the application and host level. • Purge system of unnecessary copies that could result in a breach. • Build audit procedures into transactional applications that will track GDPR data.
  • 31. Analytics • To enhance performance and ease visuals- • Localized datasets in analytics tools • A Tabular data model in an Analysis Server is still data stored outside of the source database. • Know that data sets that are found in analytics tools, (like Power BI) may come from relational databases, Access, Excel and CSV files. • Ease of access results in complex auditing of analytics systems.
  • 33. Form A GDPR Team • Business User • Application Support • System Administrator • Database Administrator • Project Manager
  • 34. How to Take on a GDPR Project • Identify areas under GDPR • Create outline of what data must be protected. • Design processes and procedures to identify critical data. • Use third party tools and features for auditing and mature tracking of GDPR data. • All team members MUST understand the importance of GDPR.
  • 35. Data Vulnerabilities • Data cached at application level and available to users. • Flat files that may support data, along with keys that may be vulnerable and used for encryption. • Analytics Data and tabular models that may store critical data • Backups, data retained for records.
  • 36. Categorizing Environments All environments are not created equal. • Treat applications and analytics to the same requirements if data is stored within. • Don’t implement the same solutions to development, test and QA/Unit testing as staging and production.
  • 38. Encryption of Data- Production • Obfuscates data with the use of encryption keys. • Without the appropriate key and/or password, the data is useless. • Limits risk if data is breached outside the data, even if the access is at the host level, as the data is still encrypted. • Beneficial when data is accessible from public networks or websites. • Does not replace security procedures- at host and application level.
  • 39. Dynamic Data Masking- True Masking? • Excellent to protect from data “above the covers” • Less acceptable in terms of breaches or commandeered data environments. Don’t rely on this solution for enterprise data protection of critical, GDPR requirements.
  • 41. Irreversible Masking Data and Masking of Non-Prod • Is different, (PII, HIPAA, PCI, etc.) as it renders the information useless from a security standpoint, even if there is a full copy of the database breached. • Resolves both the technical and personal responsibility issue. • The data can be masked before it moves to non-production, removing risk. • As discussed, 80% of data on average is non-production. • Must have a robust discovery and identification process. • Masks all data and if it does it for strings in data stores and flat files, this is a bonus!
  • 43. Demo
  • 44. Data Virtualization, On-Prem with Masking Source 8 TB database Masking Engine Application Server File Server
  • 45. Confidential Data with Masking Exposure Production Non-production Encryption Mask Solution
  • 47. Don’t Store These in the Database • Encryption keys • License keys • Environment passwords and directories • AND Database Passwords Passwords should never be in clear text….ever. Use Azure Key Vault
  • 48. Block Chain is Cool! Not so much for GDPR Blockchain is- • Immutable digital ledger • Stored in a block • Added to a chain once verified • Decentralized This makes it very difficult for GDPR procedures
  • 49. Blockchain Requires Unique Procedures B B B B B B B B B B B B
  • 50. The Future with Data Protection • Eleven other states will have similar data protection and breach notification laws going in front of voters this election. • There is an added complexity that it’s state driven vs. federal, (i.e. like EU’s solution) • July, 2018, Senator Mark Warner released a position paper that’s gaining a lot of attention and encompasses the major areas of GDPR. • New companies who will make it their business to audit companies, collect fines and profit from part of this money that is agreed upon with the EU. • Google’s “Framework for Responsible Data Protection Regulation” was released in September, a month before the 500K breach. More companies are expected to follow suit.
  • 51. Half GDPR Compliance Doesn’t Make You Compliant • A GDPR Security Team is a must for any company • Identification of all GDPR data is essential • Business users must understand the importance of GDPR • Most GDPR violations will be found to be unintentional by users making copies from secure systems. • Analytics Environments and Block Chain create complex challenges for GDPR • Work to combine other security projects and frameworks into one with GDPR, (CCPA, SOX, HIPAA, etc.) to create efficiency.
  • 52. Data is the Centric to GDPR • Identify • Secure • Audit • Track • Remove Databases • Big Data • Analytics tools • Application tier Not the only place data resides
  • 53. Summary Invest in policies that make sense and can grow with the organization Dedicate resources to GDPR, but combine them with other security groups when possible. Incorporate cybersecurity as the first line of defense. Not all data obfuscation is the same. Don’t treat all environments the same. Data doesn’t just reside in the database.
  • 54. Thank You Learn more from Kellyn Pot’Vin-Gorman @DBAKevlar kegorman@Microsoft.com
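
One way to carry out the discovery and irreversible masking steps from slides 30, 35 and 41 on a flat-file export before it moves to non-production, as an added example (not code from the presentation or from any masking product). The column names, detection patterns, 80% threshold and token formats are assumptions, and the sample rows are constructed.

```python
import csv
import hashlib
import hmac
import io
import ipaddress
import re
import secrets

# Constructed sample export (not real data); rows 1 and 3 are the same person.
SAMPLE_CSV = """customer_id,full_name,email,last_login_ip,ssn,plan
1001,Ana Ruiz,ana.ruiz@example.com,192.0.2.10,123-45-6789,gold
1002,Ben Ode,ben@example.org,2001:db8::5,987-65-4321,free
1003,Ana Ruiz,ana.ruiz@example.com,192.0.2.10,123-45-6789,gold
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

# Value-based detectors for data kinds the slides list as GDPR-critical.
DETECTORS = {
    "email": lambda v: bool(EMAIL_RE.match(v)),
    "ssn": lambda v: bool(SSN_RE.match(v)),
    "ip": _is_ip,
}
# Names, addresses and phone numbers have no reliable pattern: fall back to header keywords.
HEADER_HINTS = ("name", "address", "phone")

def discover(rows, threshold=0.8):
    """Return {column: kind} for columns that look like personal data."""
    findings = {}
    if not rows:
        return findings
    for col in rows[0]:
        values = [r[col].strip() for r in rows if r[col] and r[col].strip()]
        for kind, test in DETECTORS.items():
            if values and sum(map(test, values)) / len(values) >= threshold:
                findings[col] = kind
                break
        else:
            hint = next((h for h in HEADER_HINTS if h in col.lower()), None)
            if hint:
                findings[col] = hint
    return findings

def make_masker(key=None):
    """Build a masking function keyed with a per-run secret that is never stored.

    The same input gives the same token within a run, so joins across masked
    files still work; once the key is discarded the mapping cannot be
    recomputed or reversed, unlike encryption or dynamic (view-time) masking.
    """
    key = key or secrets.token_bytes(32)

    def mask(kind, value):
        msg = f"{kind}:{value.strip().lower()}".encode()
        digest = hmac.new(key, msg, hashlib.sha256).digest()
        if kind == "email":  # keep a valid shape so application checks still pass
            return f"user_{digest.hex()[:12]}@masked.invalid"
        if kind == "ip":
            return "10.{}.{}.{}".format(*digest[:3])
        if kind == "ssn":  # area number 000 is never issued
            n = int.from_bytes(digest[:4], "big")
            return f"000-{n % 100:02d}-{n // 100 % 10000:04d}"
        return f"MASKED_{digest.hex()[:12]}"

    return mask

def mask_csv(text, key=None):
    """Discover personal-data columns in CSV text and return (masked_text, findings)."""
    reader = csv.DictReader(io.StringIO(text))
    rows = list(reader)
    findings = discover(rows)
    mask = make_masker(key)
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames or [], lineterminator="\n")
    writer.writeheader()
    for row in rows:
        for col, kind in findings.items():
            if row[col]:
                row[col] = mask(kind, row[col])
        writer.writerow(row)
    return out.getvalue(), findings

if __name__ == "__main__":
    masked, found = mask_csv(SAMPLE_CSV)
    print(found)
    print(masked)
```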