The document discusses the General Data Protection Regulation (GDPR) which takes effect in May 2018 and aims to strengthen data privacy for EU residents. It outlines key aspects of GDPR including expanded individual rights to access, correct, and delete personal data. Companies are required to demonstrate compliance, notify authorities of data breaches within 72 hours, and comply with individual's requests without delay. GDPR poses challenges for companies in meeting the compliance deadline, ensuring data processing and storage is necessary, minimizing and transparent while respecting individual rights. Big data requires unique treatment under GDPR due to its unstructured nature.

1. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
GDPR - You can’t eat an
artichoke with knife and fork
By: Laura Eisenhardt, EVP Europe
Utrecht, 21 september 2017

2. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
WHAT is GDPR?
General Data Protection Regulation is designed to protect the
privacy of all residents of EU member countries (regardless of
WHERE the company is located or where the data reside).
• Harmonizes data privacy rules across EU
• Includes all data: structured,unstructured AND BIG DATA
• Impacts all companies that have EU Customers
• Cost of non-compliance (4% of Global revenues or €20M
which ever is higher) per incident

3. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Some Important changes of GDPR relative to earlier legislation:
Focus on data minimisation
Stricter control of personal data
Right of access, portability
The right to be forgotten / not to be identified as an individual
Explicit consent required for each use of data
Risk analysis
Notification of breach within 72 hours
Stricter documentation requirements
Privacy agent/adviser: DPO
Built-in privacy when implementing new solutions
Hard sanctions
GDPR Compliance does not distinguish between structured, unstructured or Big Data.
ALL your data need to be compliant!!

4. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Acting on Compliance is both IMPORTANT and URGENT
• Effective 25 MAY 2018 (there is no leeway, as the
final text is adopted, we are already in a transition
period)
• Activists, politicians and the EU itself will be
prepared to “hit” certain targets as of that date
(Small, Medium and Large across all industries)
• Extended scope and rights increase vulnerability
Urgent
• High cost of non-compliance: fines of up to 20M or
4% of gross revenue, per incident, can wipe a
company out in one blow
• Applies to ALL organisations with data about EU
residents, whether EU based or not
• At the same time data is exploding in volume AND
in proliferation: 90% of the worlds data volume was
generated in the past 24 months!
Important

5. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
What is the right focus?
The “typical” focus is the Security layer.
But the policy focus is on DATA.
The core purpose of GDPR is the expanded individual rights of EU
data subjects
and the mirror of that the expanded obligations of organisations
holding data on EU data subjects
• Access – Notification – Restriction – Removal
• Demonstrate – Notify – Comply - Repair

6. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Expanded Citizens Rights
• Have full insight
on what data is
being held about
you
• Where this data
resides
• For what
purpose is your
data being held
• Demand data to
be corrected or
completed
• 72 Hours to inform
customers of data
breach
• Ability to document
process
• Ensure you have
notified the right
customers
• Limit the
utilization of the
data at large and
verify that the
declared purpose is
respected
• Including sharing
information across
your enterprise and
brands
…Gives individuals ownership of their data and how it is used
Access Notification RemovalRestriction
• “Right to Be
Forgotten”
Complete removal
of citizen
information and
the ability to
document process

7. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Wider obligations of organisations
• That your business
has taken all
appropriate
measures on an
organizational and
technical level to
comply with the
GDPR guideline by
May 25, 2018
Demonstrate
• The relevant
authorities AND all
affected customers
of a breach in data
security, within 72
hours of an
occurrence
Notify
• With any individuals
request to exercise
their rights under
this regulation,
without delay
Comply Repair
….Requires organizations to be transparent and responsive
• Any incorrect or
incomplete
information
pertaining to an
EU Citizen, upon
their request.
• Any infraction of
misused data

8. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
In summary, the GDPR challenges are
Time pressure: compliance deadline 25th May, 2018
Respecting necessity, minimization, purpose and transparency in
processing
Visibility and traceability of data collection, storage and processing
Having a single view of each data subject, so response is correct and
complete

9. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Challenges with Big Data in GDPR’s context
• Do you eat soup, an apple and an artichoke the same way?
Discovery – very different
Big Data requires a unique treatment
Structure - different from structured or unstructured data.
 Compare translating English into German versus Chinese into Arabic:
 Two completely different sets of characters, vertical to horizontal
Variety
 - tools need to work on Hadoop, including data from AWS or Azure
 - tools need to work on structured, unstructured and Big Data: ALL data

10. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Process Overview
Data Sources Data Ingestion
Discover
Classification
Discovery,
Classification
Gathering
Various Dashboards
Breach & Notification,
Complaint Mgmt.
Self Service, Data
correction, Erasure…
Operate
Security&ComplianceMonitoring
People, Processes, Frameworks & Technology
Data Integration &
Catalog
Link & Catalog

11. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Technical Solution Overview
Data Sources Data Ingestion
Consolidation, Catalog
Creation & Lineage Tracking
Operate
Rights of Data
Subjects
Data Portability &
Erasure
Data Breaches
Data Discovery, Data
Quality & Enrichment
HadoopCluster/DataLake
e.g., Sqoop, Kafka etc. e.g., Apache Atlas, Cloudera Navigator,

12. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
iKnow Solutions – Data Discovery

13. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Cloudera Navigator – Data Discovery

14. Klik om de tekststijl
van het model te
bewerken
Tweede niveau
Derde niveau
Vierde niveau
Vijfde niveau
Conclusion:
You need one toolset that is a peeler, poacher and spoon in
one
GDPR violations will be consumer-complaint driven
The major ones:
 Right to know
 Right to modify
 Right to be forgotten
 Obligation to notify
iKnow ”knows”..... and has a plan !