SlideShare a Scribd company logo
SACONSensitivity: Internal & Restricted
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
Personal Data Discovery &
Mapping
#SACON
Ramkumar Narayanan
Wipro Limited
Practice Partner – Data Privacy
SACON 2020
Sensitivity: Internal & Restricted
1. Challenges in Building Data Map
2. Approach & Methodologies for Data Mapping
3. Tools & Technologies for Data Mapping
4. Sustenance of Data Mapping & Data Inventory
5. Case Studies
Agenda
SACON 2020
Sensitivity: Internal & Restricted
Challenges in Building Data
Map
SACON 2020
Sensitivity: Internal & Restricted
In a world of hyper connected ecosystem
✓ Personal data is generated and captured across
multiple channels.
✓ Personal data is proliferated across different
infrastructures and platforms.
Enterprise Storage Systems
Databases End Points
Cloud Unstructured
Data
✓ Personal data is being used and shared by many.
Organizations are unable to follow the footprint of data to apply required controls to protect personal data.
SACON 2020
Sensitivity: Internal & Restricted
The foundational step in data protection journey is to understand the
lifecycle of personal data
Understanding the flow of personal data in an enterprise is critical and is easier said than done.
SACON 2020
Sensitivity: Internal & Restricted
Need for data mapping and creating an inventory of personal data
• A data inventory is a record of the data flows and assets that an organization handles and a data map is a visual representation of the data
inventory. It is generated based on the same underlying data inventory, and the maps may contain varying degree of detail.
GDPR Requirements
Article 30 of GDPR requires data
controllers and data processors to build
and maintain a record of their data
processing activities.
01
Privacy Statements
To make privacy statements accurate
based on what the organization is doing
with the personal data.
Individual Rights Management
Data Privacy regulations gives individuals the ability
to request to correct, port, access and delete the
data organizations have about them.
02
04
Data Breach Preparation & Response
Having a data map can help respond more
appropriately to data breach and understand
what data may have been exposed.
05
Security
Understanding where the personal data
is located and flowing is the first step to
understand the security risks which
allows to implement appropriate
safeguards to be put in place.
03
Building a data inventory and map can help organizations proactively manage and protect personal data.
SACON 2020
Sensitivity: Internal & Restricted
However there are some challenges in building a data map
Challenges in
Building a Data
Map
Poor Information Available
Lack of Precision &
Expertise
Time Consuming
Outdated Quickly
Poor Information Available
Lack of knowledge available within the various business
teams in an enterprise about the data flows
Lack of Precision & Expertise
The accuracy of data mapping depends on how
comprehensive it is. It must account for things like
mobile devices and cloud based applications etc..
Time Consuming
Building data maps through an interview based
approach is time consuming.
Outdated Quickly
Data mapping patterns need to be constantly
updated, evaluated and verified for quality. If not it
becomes obsolete very quickly.
Need for an automated approach for data mapping & inventory
SACON 2020
Sensitivity: Internal & Restricted
Approach & Methodologies for
Data Mapping
SACON 2020
Sensitivity: Internal & Restricted
In order to build a data map and inventory, start with an understanding of
the 5W’s of personal data
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” – Sun Tzu, The Art of War
• are we?
(Controller or
Processor)
• are our data
subjects?
(Customers /
Employees etc.)
• are the categories
of recipients to
whom data will be
disclosed?
• do we keep their
personal data?
(Databases, File
Servers, Cloud
storage etc.)
• do we transfer their
personal data to?
(Jurisdictions)
• is personal data
under our control?
(purpose for which
data is collected and
stored)
• are we keeping the
personal data until?
(Retention Period)
• do we share
personal data with
others (Partners,
Regulators,
Governement
authorities etc.)
• data types are
involved in the
processing?
• jurisdictions are
involved in the
processing?
• technical security
measures and
organizational
security measures
do we have to
safeguard the
personal data?
WHO WHERE WHY WHEN WHAT
SACON 2020
Sensitivity: Internal & Restricted
There are 2 approaches to do data mapping in an enterprise
Top-Down Approach
QUESTIONNAIRE
INTERVIEWS
BUSINESS
PROCESS
DATA
ELEMENTS
DATA
DATA SOURCES
DATA
CLASSIFICATION
Bottom-Up Approach
DATA
ELEMENTS
DATA
DATA
DISCOVERY
SACON 2020
Sensitivity: Internal & Restricted
Leverage a combination of Top Down and Bottom Up approach for
building the data map and data inventory
Identify purpose of processing
(Example Customer Support,
Billing, Charge Calculation,
Marketing Research, Credit Check,
Goods & Services, Statistical
Analysis etc.
7 81 2 4 53 6
Identify Business Unit data
mapping owners from each of
the Business Units like Finance,
Consumer, Technology, Retail,
HR, Enterprise, Consumer
Operations etc.
Identify key stakeholders from each
business unit that have information
on the processing activities in each
purpose of processing
Capture information on the source
and location of personal data using
personal data discovery solutions,
the entry point for personal data,
format in which data is stored, where
is it getting stored, countries in which
it is getting stored, locations from
which it is accessed and to whom it
is being disclosed, retention etc.
Manage the data inventory and
data mapping in a Privacy
Management Platform or a GRC
solution to keep it alive in an
ongoing manner.
Identify Business Processes such
as customer acquisition,
Provisioning & Welcome, Customer
service, Billing, Collection &
Retention, Terminate, Recruitment,
Hiring, Pre-On-boarding, Post-
joining, Retire / Exit etc.
Conduct data mapping interviews to
Identify the categories of data
subjects (Consumer, Enterprise
customer, Subscriber, Employees
etc.) and sub categories of personal
data (Recruitment data, account
data, call data, location data, device
data etc.) processed
Document data maps & Validate
data flow and sign off on the
personal data inventory.
SACON 2020
Sensitivity: Internal & Restricted
Tools & Techniques for Data
Mapping
SACON 2020
Sensitivity: Internal & Restricted
Data Flow Mapping Techniques
Inspect existing
documents
Observation
Questionnaire
Post-it Notes
Template drawings
Facilitation Workshops
Whiteboard – Freeform Diagrams
SACON 2020
Sensitivity: Internal & Restricted
Automate the discovery of personal data in the enterprise
Data Discovery throughout the enterprise is easier said than done.
Data
Discovery
Personal Data Discovery
• Personal Data Discovery solutions
searches for personal data across the
enterprise and cloud and correlates them
to the identities. It relies on data values
and context to find primary and related
or connected data.
Types of Data Sources
• Structured Data Sources (Oracle,
MySQL, MSSQL, Redshift etc.
• Semi-Structured Data Sources
(Cassandra, MongoDB etc.)
• Unstructured (Google Drive, OneDrive,
O365, SharePoint, Salesforce etc.
PII Data Discovery
• PII Data Discovery solutions helps you
find Personally Identifiable Information
(PII) on enterprise systems based on
data values and data patterns (regular
expressions).
Types of Data Sources
• Structured
• Unstructured
SACON 2020
Sensitivity: Internal & Restricted
PII Data Discovery – Approach & Methodology
Challenges in PII Data Discovery
1. False Positives – Time consuming to eliminate them.
2. Discovery Output – Discovery output is what type of data, but not whose data it is.
3. Continuous Compliance – Compliance requirements are continuous and hence one time scans not sufficient.
PII Data Discovery Tools
SACON 2020
Sensitivity: Internal & Restricted
Personal Data Discovery – Approach & Methodology
• Personal Data Discovery solution is pointed to examples of whatever identity data being discovered.
• System uses seed data as learning set to then scan other data sources, initially looking for learned data and then other nearby data with high correlation
back to identities. The system then reiterates on this, building a map of individual’s data across all kinds of data sources ranging from database to file
share, to mainframe to Hadoop to SAP to cloud etc.
Agentless
Any data type
Cloud
Mine Machine Manage
API
Reporting
Analysis
Machine Learning
driven correlation
Personal Data Discovery Tools
SACON 2020
Sensitivity: Internal & Restricted
Tools Used for Data Mapping
Usage
Storage
Transfer
Archival
RetentionCollection
Collection
Purge
A visual representation of the end-to-end data
flows of personal information processing
activities identified across the enterprise.
Data Mapping Tools
SACON 2020
Sensitivity: Internal & Restricted
Create a “Single Source of Truth” for Personal Information Processing
Business units
/ functions
Business
process
Contracts
Supplier / 3rd party
vendor
PII processing
activity records
PII
Country Contacts Assets
Comprehensive Privacy Reporting
GRC Platform /
Privacy Management
Platform
Privacy
Governance
Alerts &
Notifications
Workflows
Metrics &
Reporting
Privacy Incident
Management
Breach
Notifications
DPO Report System / App Report Top 100 DB Report BU / Function ReportPIA Report
Privacy impact
Assessment(s)
Vendor Privacy
Questionnaire
Data Discovery
Scanning Feeds
Privacy
audits
Inventory Framework
• A comprehensive, accurate
and sustainable source of
information regarding the PII
that an enterprise holds, with
details of its collection, use,
disclosure, retention and
disposal
• Demonstrate compliance to
wider Privacy legal and
regulatory requirements with
the data privacy inventory
SACON 2020
Sensitivity: Internal & Restricted
Sustenance of Data Mapping
& Data Inventory
SACON 2020
Sensitivity: Internal & Restricted
Keep Your Data Map & Data Inventory Current
Integrate & Automate PIA / DPIA
process into Data Inventory
PIA / DPIA Integration
Conduct periodic audits to
ensure data flows remain up to
date. Re-audit certain data
flows or applications on a
different time scale.
Automate Audits
Leverage data discovery solutions to
dynamically populate the inventory
based on discovery scan output.
Ongoing Data Discovery
Get attestation of records in
data inventory by the record
owner
Record Attestation
Feed the ongoing vendor
assessments into the
inventory
Ongoing Vendor
Assessments Leverage technology to
automate the data flow
maps dynamically.
Update Visual Maps
SACON 2020
Sensitivity: Internal & Restricted
Case Studies
SACON 2020
Sensitivity: Internal & Restricted
SACON 2020
Sensitivity: Internal & Restricted
SACONSensitivity: Internal & Restricted
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
Thank You

More Related Content

What's hot

How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
Ulf Mattsson
 
The emerging pci dss and nist standards
The emerging pci dss and nist standardsThe emerging pci dss and nist standards
The emerging pci dss and nist standards
Ulf Mattsson
 
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Microsoft Österreich
 
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
Priyanka Aash
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...
Micro Focus
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
Ulf Mattsson
 
How to secure your business on the cloud? practical approach from strategy to...
How to secure your business on the cloud? practical approach from strategy to...How to secure your business on the cloud? practical approach from strategy to...
How to secure your business on the cloud? practical approach from strategy to...
Aladdin Dandis
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...
Martin Ruubel
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)
Eryk Budi Pratama
 
Data Security by AES Advanced Encryption Standard
Data Security by AES Advanced Encryption StandardData Security by AES Advanced Encryption Standard
Data Security by AES Advanced Encryption Standard
YogeshIJTSRD
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
IJECEIAES
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Martin Ruubel
 
The day when role based access control disappears
The day when role based access control disappearsThe day when role based access control disappears
The day when role based access control disappears
Ulf Mattsson
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
Rohit Kapoor
 
Reducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniques
VISTA InfoSec
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
Martin Ruubel
 
Cloud Identity
Cloud IdentityCloud Identity
Cloud Identity
NetIQ
 
Attributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperAttributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime Whitepaper
Martin Ruubel
 

What's hot (20)

How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
The emerging pci dss and nist standards
The emerging pci dss and nist standardsThe emerging pci dss and nist standards
The emerging pci dss and nist standards
 
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
 
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
 
How to secure your business on the cloud? practical approach from strategy to...
How to secure your business on the cloud? practical approach from strategy to...How to secure your business on the cloud? practical approach from strategy to...
How to secure your business on the cloud? practical approach from strategy to...
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...
 
Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)Emerging Technology Risk Series - Internet of Things (IoT)
Emerging Technology Risk Series - Internet of Things (IoT)
 
Data Security by AES Advanced Encryption Standard
Data Security by AES Advanced Encryption StandardData Security by AES Advanced Encryption Standard
Data Security by AES Advanced Encryption Standard
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
 
The day when role based access control disappears
The day when role based access control disappearsThe day when role based access control disappears
The day when role based access control disappears
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
 
Reducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniquesReducing cardholder data footprint with tokenization and other techniques
Reducing cardholder data footprint with tokenization and other techniques
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
Cloud Identity
Cloud IdentityCloud Identity
Cloud Identity
 
Attributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperAttributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime Whitepaper
 

Similar to (SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges faced, Methodologies & Tools employed​

Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Steven Meister
 
Unified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge GraphUnified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge Graph
Vaticle
 
From Asset to Impact - Presentation to ICS Data Protection Conference 2011
From Asset to Impact - Presentation to ICS Data Protection Conference 2011From Asset to Impact - Presentation to ICS Data Protection Conference 2011
From Asset to Impact - Presentation to ICS Data Protection Conference 2011
Castlebridge Associates
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
UL Transaction Security
 
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Stratio
 
DBAs - Is Your Company’s Personal and Sensitive Data Safe?
DBAs - Is Your Company’s Personal and Sensitive Data Safe?DBAs - Is Your Company’s Personal and Sensitive Data Safe?
DBAs - Is Your Company’s Personal and Sensitive Data Safe?
DevOps.com
 
Workable Enteprise Data Governance
Workable Enteprise Data GovernanceWorkable Enteprise Data Governance
Workable Enteprise Data Governance
Bhavendra Chavan
 
Fuel your Data-Driven Ambitions with Data Governance
Fuel your Data-Driven Ambitions with Data GovernanceFuel your Data-Driven Ambitions with Data Governance
Fuel your Data-Driven Ambitions with Data Governance
Pedro Martins
 
Dark Data Revelation and its Potential Benefits
Dark Data Revelation and its Potential BenefitsDark Data Revelation and its Potential Benefits
Dark Data Revelation and its Potential Benefits
PromptCloud
 
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
Albert Hoitingh
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
Kim Cook
 
data collection, data integration, data management, data modeling.pptx
data collection, data integration, data management, data modeling.pptxdata collection, data integration, data management, data modeling.pptx
data collection, data integration, data management, data modeling.pptx
Sourabhkumar729579
 
Simplify your analytics strategy
Simplify your analytics strategySimplify your analytics strategy
Simplify your analytics strategy
Priya Malhotra
 
Deliver Data Governance with a “Yes”
Deliver Data Governance with a “Yes”Deliver Data Governance with a “Yes”
Deliver Data Governance with a “Yes”
Jean-Michel Franco
 
Delivering data governance with a Yes
Delivering data governance with a YesDelivering data governance with a Yes
Delivering data governance with a Yes
Jean-Michel Franco
 
DataOps - Big Data and AI World London - March 2020 - Harvinder Atwal
DataOps - Big Data and AI World London - March 2020 - Harvinder AtwalDataOps - Big Data and AI World London - March 2020 - Harvinder Atwal
DataOps - Big Data and AI World London - March 2020 - Harvinder Atwal
Harvinder Atwal
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
Gary Dodson
 
Discovering Big Data in the Fog: Why Catalogs Matter
 Discovering Big Data in the Fog: Why Catalogs Matter Discovering Big Data in the Fog: Why Catalogs Matter
Discovering Big Data in the Fog: Why Catalogs Matter
Eric Kavanagh
 
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxDATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
SteveNgigi2
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
 

Similar to (SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges faced, Methodologies & Tools employed​ (20)

Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
 
Unified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge GraphUnified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge Graph
 
From Asset to Impact - Presentation to ICS Data Protection Conference 2011
From Asset to Impact - Presentation to ICS Data Protection Conference 2011From Asset to Impact - Presentation to ICS Data Protection Conference 2011
From Asset to Impact - Presentation to ICS Data Protection Conference 2011
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...
 
DBAs - Is Your Company’s Personal and Sensitive Data Safe?
DBAs - Is Your Company’s Personal and Sensitive Data Safe?DBAs - Is Your Company’s Personal and Sensitive Data Safe?
DBAs - Is Your Company’s Personal and Sensitive Data Safe?
 
Workable Enteprise Data Governance
Workable Enteprise Data GovernanceWorkable Enteprise Data Governance
Workable Enteprise Data Governance
 
Fuel your Data-Driven Ambitions with Data Governance
Fuel your Data-Driven Ambitions with Data GovernanceFuel your Data-Driven Ambitions with Data Governance
Fuel your Data-Driven Ambitions with Data Governance
 
Dark Data Revelation and its Potential Benefits
Dark Data Revelation and its Potential BenefitsDark Data Revelation and its Potential Benefits
Dark Data Revelation and its Potential Benefits
 
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
ExpertsLive NL 2022 - Microsoft Purview - What's in it for my organization?
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
 
data collection, data integration, data management, data modeling.pptx
data collection, data integration, data management, data modeling.pptxdata collection, data integration, data management, data modeling.pptx
data collection, data integration, data management, data modeling.pptx
 
Simplify your analytics strategy
Simplify your analytics strategySimplify your analytics strategy
Simplify your analytics strategy
 
Deliver Data Governance with a “Yes”
Deliver Data Governance with a “Yes”Deliver Data Governance with a “Yes”
Deliver Data Governance with a “Yes”
 
Delivering data governance with a Yes
Delivering data governance with a YesDelivering data governance with a Yes
Delivering data governance with a Yes
 
DataOps - Big Data and AI World London - March 2020 - Harvinder Atwal
DataOps - Big Data and AI World London - March 2020 - Harvinder AtwalDataOps - Big Data and AI World London - March 2020 - Harvinder Atwal
DataOps - Big Data and AI World London - March 2020 - Harvinder Atwal
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
Discovering Big Data in the Fog: Why Catalogs Matter
 Discovering Big Data in the Fog: Why Catalogs Matter Discovering Big Data in the Fog: Why Catalogs Matter
Discovering Big Data in the Fog: Why Catalogs Matter
 
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxDATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
 

More from Priyanka Aash

Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
Priyanka Aash
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity ApplicationsDemystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity Applications
Priyanka Aash
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Priyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Priyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
 

More from Priyanka Aash (20)

Keynote : Presentation on SASE Technology
Keynote : Presentation on SASE TechnologyKeynote : Presentation on SASE Technology
Keynote : Presentation on SASE Technology
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
 
Demystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity ApplicationsDemystifying Neural Networks And Building Cybersecurity Applications
Demystifying Neural Networks And Building Cybersecurity Applications
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
 
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
 
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf(CISOPlatform Summit & SACON 2024) Incident Response .pdf
(CISOPlatform Summit & SACON 2024) Incident Response .pdf
 
(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf(CISOPlatform Summit & SACON 2024) GRC.pdf
(CISOPlatform Summit & SACON 2024) GRC.pdf
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 

Recently uploaded

LeadMagnet IQ Review: Unlock the Secret to Effortless Traffic and Leads.pdf
LeadMagnet IQ Review:  Unlock the Secret to Effortless Traffic and Leads.pdfLeadMagnet IQ Review:  Unlock the Secret to Effortless Traffic and Leads.pdf
LeadMagnet IQ Review: Unlock the Secret to Effortless Traffic and Leads.pdf
SelfMade bd
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
David Wilson
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
ankush9927
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
FIDO Alliance
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
ZachWylie3
 
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
FIDO Alliance
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
Baishakhi Ray
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
KIRAN KV
 
Zaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdfZaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdf
AmandaCheung15
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
DianaGray10
 

Recently uploaded (20)

LeadMagnet IQ Review: Unlock the Secret to Effortless Traffic and Leads.pdf
LeadMagnet IQ Review:  Unlock the Secret to Effortless Traffic and Leads.pdfLeadMagnet IQ Review:  Unlock the Secret to Effortless Traffic and Leads.pdf
LeadMagnet IQ Review: Unlock the Secret to Effortless Traffic and Leads.pdf
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
 
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
UX Webinar Series: Essentials for Adopting Passkeys as the Foundation of your...
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
Semantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software DevelopmentSemantic-Aware Code Model: Elevating the Future of Software Development
Semantic-Aware Code Model: Elevating the Future of Software Development
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
 
Zaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdfZaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdf
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 

(SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges faced, Methodologies & Tools employed​

  • 1. SACONSensitivity: Internal & Restricted SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur Personal Data Discovery & Mapping #SACON Ramkumar Narayanan Wipro Limited Practice Partner – Data Privacy
  • 2. SACON 2020 Sensitivity: Internal & Restricted 1. Challenges in Building Data Map 2. Approach & Methodologies for Data Mapping 3. Tools & Technologies for Data Mapping 4. Sustenance of Data Mapping & Data Inventory 5. Case Studies Agenda
  • 3. SACON 2020 Sensitivity: Internal & Restricted Challenges in Building Data Map
  • 4. SACON 2020 Sensitivity: Internal & Restricted In a world of hyper connected ecosystem ✓ Personal data is generated and captured across multiple channels. ✓ Personal data is proliferated across different infrastructures and platforms. Enterprise Storage Systems Databases End Points Cloud Unstructured Data ✓ Personal data is being used and shared by many. Organizations are unable to follow the footprint of data to apply required controls to protect personal data.
  • 5. SACON 2020 Sensitivity: Internal & Restricted The foundational step in data protection journey is to understand the lifecycle of personal data Understanding the flow of personal data in an enterprise is critical and is easier said than done.
  • 6. SACON 2020 Sensitivity: Internal & Restricted Need for data mapping and creating an inventory of personal data • A data inventory is a record of the data flows and assets that an organization handles and a data map is a visual representation of the data inventory. It is generated based on the same underlying data inventory, and the maps may contain varying degree of detail. GDPR Requirements Article 30 of GDPR requires data controllers and data processors to build and maintain a record of their data processing activities. 01 Privacy Statements To make privacy statements accurate based on what the organization is doing with the personal data. Individual Rights Management Data Privacy regulations gives individuals the ability to request to correct, port, access and delete the data organizations have about them. 02 04 Data Breach Preparation & Response Having a data map can help respond more appropriately to data breach and understand what data may have been exposed. 05 Security Understanding where the personal data is located and flowing is the first step to understand the security risks which allows to implement appropriate safeguards to be put in place. 03 Building a data inventory and map can help organizations proactively manage and protect personal data.
  • 7. SACON 2020 Sensitivity: Internal & Restricted However there are some challenges in building a data map Challenges in Building a Data Map Poor Information Available Lack of Precision & Expertise Time Consuming Outdated Quickly Poor Information Available Lack of knowledge available within the various business teams in an enterprise about the data flows Lack of Precision & Expertise The accuracy of data mapping depends on how comprehensive it is. It must account for things like mobile devices and cloud based applications etc.. Time Consuming Building data maps through an interview based approach is time consuming. Outdated Quickly Data mapping patterns need to be constantly updated, evaluated and verified for quality. If not it becomes obsolete very quickly. Need for an automated approach for data mapping & inventory
  • 8. SACON 2020 Sensitivity: Internal & Restricted Approach & Methodologies for Data Mapping
  • 9. SACON 2020 Sensitivity: Internal & Restricted In order to build a data map and inventory, start with an understanding of the 5W’s of personal data “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” – Sun Tzu, The Art of War • are we? (Controller or Processor) • are our data subjects? (Customers / Employees etc.) • are the categories of recipients to whom data will be disclosed? • do we keep their personal data? (Databases, File Servers, Cloud storage etc.) • do we transfer their personal data to? (Jurisdictions) • is personal data under our control? (purpose for which data is collected and stored) • are we keeping the personal data until? (Retention Period) • do we share personal data with others (Partners, Regulators, Governement authorities etc.) • data types are involved in the processing? • jurisdictions are involved in the processing? • technical security measures and organizational security measures do we have to safeguard the personal data? WHO WHERE WHY WHEN WHAT
  • 10. SACON 2020 Sensitivity: Internal & Restricted There are 2 approaches to do data mapping in an enterprise Top-Down Approach QUESTIONNAIRE INTERVIEWS BUSINESS PROCESS DATA ELEMENTS DATA DATA SOURCES DATA CLASSIFICATION Bottom-Up Approach DATA ELEMENTS DATA DATA DISCOVERY
  • 11. SACON 2020 Sensitivity: Internal & Restricted Leverage a combination of Top Down and Bottom Up approach for building the data map and data inventory Identify purpose of processing (Example Customer Support, Billing, Charge Calculation, Marketing Research, Credit Check, Goods & Services, Statistical Analysis etc. 7 81 2 4 53 6 Identify Business Unit data mapping owners from each of the Business Units like Finance, Consumer, Technology, Retail, HR, Enterprise, Consumer Operations etc. Identify key stakeholders from each business unit that have information on the processing activities in each purpose of processing Capture information on the source and location of personal data using personal data discovery solutions, the entry point for personal data, format in which data is stored, where is it getting stored, countries in which it is getting stored, locations from which it is accessed and to whom it is being disclosed, retention etc. Manage the data inventory and data mapping in a Privacy Management Platform or a GRC solution to keep it alive in an ongoing manner. Identify Business Processes such as customer acquisition, Provisioning & Welcome, Customer service, Billing, Collection & Retention, Terminate, Recruitment, Hiring, Pre-On-boarding, Post- joining, Retire / Exit etc. Conduct data mapping interviews to Identify the categories of data subjects (Consumer, Enterprise customer, Subscriber, Employees etc.) and sub categories of personal data (Recruitment data, account data, call data, location data, device data etc.) processed Document data maps & Validate data flow and sign off on the personal data inventory.
  • 12. SACON 2020 Sensitivity: Internal & Restricted Tools & Techniques for Data Mapping
  • 13. SACON 2020 Sensitivity: Internal & Restricted Data Flow Mapping Techniques Inspect existing documents Observation Questionnaire Post-it Notes Template drawings Facilitation Workshops Whiteboard – Freeform Diagrams
  • 14. SACON 2020 Sensitivity: Internal & Restricted Automate the discovery of personal data in the enterprise Data Discovery throughout the enterprise is easier said than done. Data Discovery Personal Data Discovery • Personal Data Discovery solutions searches for personal data across the enterprise and cloud and correlates them to the identities. It relies on data values and context to find primary and related or connected data. Types of Data Sources • Structured Data Sources (Oracle, MySQL, MSSQL, Redshift etc. • Semi-Structured Data Sources (Cassandra, MongoDB etc.) • Unstructured (Google Drive, OneDrive, O365, SharePoint, Salesforce etc. PII Data Discovery • PII Data Discovery solutions helps you find Personally Identifiable Information (PII) on enterprise systems based on data values and data patterns (regular expressions). Types of Data Sources • Structured • Unstructured
  • 15. SACON 2020 Sensitivity: Internal & Restricted PII Data Discovery – Approach & Methodology Challenges in PII Data Discovery 1. False Positives – Time consuming to eliminate them. 2. Discovery Output – Discovery output is what type of data, but not whose data it is. 3. Continuous Compliance – Compliance requirements are continuous and hence one time scans not sufficient. PII Data Discovery Tools
  • 16. SACON 2020 Sensitivity: Internal & Restricted Personal Data Discovery – Approach & Methodology • Personal Data Discovery solution is pointed to examples of whatever identity data being discovered. • System uses seed data as learning set to then scan other data sources, initially looking for learned data and then other nearby data with high correlation back to identities. The system then reiterates on this, building a map of individual’s data across all kinds of data sources ranging from database to file share, to mainframe to Hadoop to SAP to cloud etc. Agentless Any data type Cloud Mine Machine Manage API Reporting Analysis Machine Learning driven correlation Personal Data Discovery Tools
  • 17. SACON 2020 Sensitivity: Internal & Restricted Tools Used for Data Mapping Usage Storage Transfer Archival RetentionCollection Collection Purge A visual representation of the end-to-end data flows of personal information processing activities identified across the enterprise. Data Mapping Tools
  • 18. SACON 2020 Sensitivity: Internal & Restricted Create a “Single Source of Truth” for Personal Information Processing Business units / functions Business process Contracts Supplier / 3rd party vendor PII processing activity records PII Country Contacts Assets Comprehensive Privacy Reporting GRC Platform / Privacy Management Platform Privacy Governance Alerts & Notifications Workflows Metrics & Reporting Privacy Incident Management Breach Notifications DPO Report System / App Report Top 100 DB Report BU / Function ReportPIA Report Privacy impact Assessment(s) Vendor Privacy Questionnaire Data Discovery Scanning Feeds Privacy audits Inventory Framework • A comprehensive, accurate and sustainable source of information regarding the PII that an enterprise holds, with details of its collection, use, disclosure, retention and disposal • Demonstrate compliance to wider Privacy legal and regulatory requirements with the data privacy inventory
  • 19. SACON 2020 Sensitivity: Internal & Restricted Sustenance of Data Mapping & Data Inventory
  • 20. SACON 2020 Sensitivity: Internal & Restricted Keep Your Data Map & Data Inventory Current Integrate & Automate PIA / DPIA process into Data Inventory PIA / DPIA Integration Conduct periodic audits to ensure data flows remain up to date. Re-audit certain data flows or applications on a different time scale. Automate Audits Leverage data discovery solutions to dynamically populate the inventory based on discovery scan output. Ongoing Data Discovery Get attestation of records in data inventory by the record owner Record Attestation Feed the ongoing vendor assessments into the inventory Ongoing Vendor Assessments Leverage technology to automate the data flow maps dynamically. Update Visual Maps
  • 21. SACON 2020 Sensitivity: Internal & Restricted Case Studies
  • 24. SACONSensitivity: Internal & Restricted SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur Thank You