Outlines Teradata's solution to addressing the requirements of the new EU General Data Protection Regulation which comes into force May 2018

1. EU GENERAL DATA
PROTECTION REGULATION
(GDPR)
TERADATA APPROACH

2. AGENDA
Services to assist as you prepare for GDPR
– Stage 1: Risk Assessment
Automation to inform your DPIA (Data
Protection Impact Assessment)
– Stage 2: Remediation
Re-use of automation to identify candidates for
minimisation and data quality repair
– Stage 3: Monitor
Re-use of automation to inform SAR (Subject
Access Rights) processing and breach
management

3. GDPR COMPLIANCE
Supported by central automation for GDPR
governance across IT platforms
Consortium: Legal focus accelerated by automation
ASSESSMENT
Collect evidence
Build initial DPIA
40 DAYS
1

4. ASSESSMENT
Collect evidence
Build initial DPIA
40 DAYS
1
REMEDIATION
Accelerated change
programme
Finalise DPIA
2-6 MONTHS
2
[OPTIONAL]
LEGAL OPINION

5. ASSESSMENT
Collect evidence
Build initial DPIA
40 DAYS
1
[OPTIONAL]
LEGAL
CERTIFICATION
REMEDIATION
Accelerated change
programme
Finalise DPIA
2-6 MONTHS
2
ONGOING
3
MONITOR
Operate GDPR
Compliant business
[OPTIONAL]
LEGAL OPINION

6. REMEDIATION
Accelerated change
programme
Finalise DPIA
2-6 MONTHS
2
ONGOING
3
MONITOR
Operate GDPR
Compliant business
ASSESSMENT
Collect evidence
Build initial DPIA
40 DAYS
1
[OPTIONAL]
LEGAL
CERTIFICATION
[OPTIONAL]
LEGAL OPINION

7. ASSESSMENT
Collect evidence
Build initial DPIA
40 DAYS
1

8. GDPR CHALLENGES NEED
A COMBINATION OF SKILLS
Our automation to inform your Data Protection Impact
Assessment (DPIA), supporting your in-house Risk
Assessment with verifiable EVIDENCE

9. *Informed by
Teradata
automation
STAGE 1: ASSESSMENT WORKSHOP
UNDERSTAND SCOPE OF IN-HOUSE GDPR PROGRAMME & HOW WE CAN ASSIST
ASSESS WHETHER TERADATA INFOSEC SHOULD
ENGAGE TO ASSIST IN-HOUSE INFOSEC TEAM e.g.
ENCRYPTION/OBSFICATION AND PHYSICAL
ASSESS HOW GDPR CAN BUILD CROSS-PLATFORM
DATA LINEAGE & ACCESS MAPS TO INFORM DPIA
ACCORDING TO RISK PRIORITY DEFINED BY CLIENT
ASSESS HOW GDPR ASSIST CAN INFORM WHICH
USER/DEPT/TOOL ACCESSES PRIVATE DATA.
ASSESS HOW GDPR ASSIST CAN INFORM SARs
ASSESS HOW GDPR ASSIST CAN INFORM THE
IMPACT ASSESSMENT OF A BREACH e.g.
CONSIDER WHICH PRIVATE DATA IS POTENTIALLY
AT RISK
ASSESS HOW GDPR ASSIST CAN INFORM DPIA BY
IDENTIFICATION OF WHO ACCESSES PRIVATE
DATA
UNDERSTAND OBJECTIVES (REVENUE PILLARS or
SERVICE LINES) & FUNCTIONS. UNDERSTAND
ORGANISATION & 3rd PARTY DEPENDENCIES
ASSESS HOW GDPR ASSIST CAN INFORM WHERE
PRIVATE DATA IS HELD. CHECK LEGACY
PLATFORMS ARE FEASIBLE FOR REMEDIATION [OR
CONVERSION]
OBJECTIVES &
STAKEHOLDERS
ASSESS HOW GDPE ASSIST CAN CREATE DATA
LINEAGE & USAGE MAPS TO INFORM DPIA RE USE
OF PRIVATE DATA BY BUSINESS PROCESSES
BUSINESS PROCESSES
BREACH PROCESSING
GDPR GOVERNANCE
IT ESTATE
DATA SECURITY
*
*
*
FIND PRIVATE DATA
*
PEOPLE
*
UNDERSTAND GDPR PROGRAMME SCOPE &
ORGANISATION. ROADMAP & STATUS. ASSESS
FEASIBILITY OF DPIA TIMELINE
GDPR PROGRAMME &
ORGANISATION
UNDERSTAND HOW SCOPE & EXPIRY OF
CONSENTS FOR LEGAL USE-CASES IS MANAGED
– HOW WE ACCESS THIS FOR GDPR ASSIST
T&Cs / CONSENTS
For PRODUCTS & SERVICES
*
*
UNDERSTAND HOW COMFORTABLE
STAKEHOLDERS ARE WITH LEGAL AND RISK
ASSESSMENTS, MAKE SPECIALIST REFERRALS
TO ASSIST UPON REQUEST
LEGAL & RISK ASSESSMENT

10. ACCELERATED BY AUTOMATION
A recent example…
GDPR scope is complex, it cannot be done manually.
STAGE 1:

11. ACCELERATED BY AUTOMATION
A recent example…
GDPR scope is complex, it cannot be done manually.
STAGE 1:

12. Our GDPR approach automates the collection of
accurate evidence to inform the DPIA
How? It ingests metadata
“footprints in the sand” that were written each time
data was processed by your IT systems
30m+
Customers
6
Primary
Customer
Channels
3,000
Branches,
8,000 ATMs
19
PB Data
17
Datacentres &
236 Tech
Rooms
3,900
Business
Apps
15,000
Point to Point
Integrations
20,000
Servers
The alternative? Manual data surveys/DPIAs give a
“best guess”, no verifiable evidence
They are expensive, they divert key staff from day job
. . . And they are soon out of date

13. MANUAL VERSUS
AUTOMATION EXAMPLE
Tier 1 Global Bank using their SI Partner

14. MANUAL
APPROACH
AUTOMATED
APPROACH

15. AUTOMATED
APPROACH
MANUAL
APPROACH

16. MANUAL
APPROACH
The Bank had worked for 7 months to
manually document source to target data
lineage for a business process.
MANUAL
ANSWER
The business process stated only five
databases used, these were all on a
Teradata platform. Insufficient time to
attempt to identify who accessed which
data or assess data quality.
MONTHS

17. MANUAL
APPROACH
The Bank had worked for 7 months to
manually document source to target data
lineage for a business process.
MANUAL
ANSWER
The business process stated only five
databases used, these were all on a
Teradata platform. Insufficient time to
attempt to identify who accessed which
data or assess data quality.
MONTHS

18. AUTOMATED
APPROACH
WEEKS
In 4 weeks Teradata published source to target
data lineage that identified how the business
process accessed data from 74 databases on
multiple platforms (Teradata, MS SQL
Server/SSIS, Oracle, into Excel) then data went
back onto Teradata for reporting
AUTO
ANSWER
Multi-platform source to target lineage across
74 Databases. Data usage mapped to lineage. Data
transformations identified.

19. OUTCOME
Bank verified accuracy of lineage, then remediated
[minimisation] to remove >30% of data and redirect users to
accurate data
Reduced TCO because Bank does not populate/support all of
that legacy data
… and now they run refreshes to keep everything up to date

20. GDPR ASSIST COSTING
EXAMPLE BASED ON PRIOR CASES

21. GDPR ASSIST SERVICE RESULTS DURATION CHARGE
Setup and populate an
automated portal to inform
the DPIA for priority risk areas
Data Lineage & Data Usage
& Candidates for Minimisation
30 days
Hosted Sprint
£75,000
Populate portal for
remaining risk areas
Data Lineage & Data Usage &
Candidates
for Minimisation
60 days
Hosted Sprint
£150,000
Monthly hosting and
licensing of automated
portal to inform the DPIA. (max
5 concurrent users)
Data Lineage & Data Usage,
Candidates for Minimisation
Min 3 months.
30 days notice to cancel
£8,800/month

22. STAGE 1: AUTOMATION TO COLLECT
EVIDENCE AND POPULATE DPIA

23. STAGE 1: AUTOMATION TO COLLECT
EVIDENCE AND POPULATE DPIA

24. PRODUCER CONSUMER
HOW DATA FLOWS ACROSS THE
COMPLEX ECOSYSTEM
HOW DATA IS ACCESSED

25. CONSUMER
HOW DATA IS ACCESSED
PRODUCER
HOW DATA FLOWS ACROSS THE
COMPLEX ECOSYSTEM

26. PRODUCER
HOW DATA FLOWS ACROSS THE
COMPLEX ECOSYSTEM
How is it accurate? How should
it reconcile?
Where does my data come from?
How is it transformed?

27. CONSUMER
HOW DATA IS ACCESSED
Fingerprinting to group data into
subject areas.
Show who uses different versions of a
business metric . . .
Inform DATA ACCURACY & DATA
MINIMISATION
PRODUCER & CONSUMER combine to
give accurate evidence to help you to
quantify risk & decide on appropriate
governance

28. EXAMPLE ROADMAP FOR
GDPR READINESS

29. ASSESSMENT
1
REMEDIATION
2
MONITOR
3
40 DAYS MONTH M MONTH M +1 MONTH M +2 ON GOING
CENTRAL REPOSITORY – METADATA DRIVEN
Transparency created by GDPR Assist for multiple platforms
Remediate high risks
Incremental sprints remediate low risk
Monitor high risks
Monitor low risk
OPTIONALLEGALOPINION
OPTIONALLEGALCERTIFICATION
High risk areas
covered first
Incremental sprints cover low risk

30. UK REGULATOR’S GUIDANCE
TO PREPARE FOR GDPR
Preparing for the General Data Protection Regulation (GDPR)
12
steps to take now
ico

31. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
You should make sure that decision makers and
key people in your organisation are aware that
the law is changing to the
GDPR. They need to appreciate the
impact this is likely to have.
SUBJECT ACCESS REQUESTS
You should update your procedures and plan
how to you will handle requests within the new
timescales and provide any additional
information.
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
You should document what personal data you
hold, where it came from and who you share it
with. You may need to organise an information
audit.
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
You should document what personal data you
hold, where it came from and who you share it
with. You may need to organise an information
audit.
COMMUNICATING
PRIVACY INFORMATION
You should review your current privacy notices
and put a plan in place for making any necessary
changes in time for GDPR implementation.
CONSENT
You should review how you are seeking,
obtaining and recording consent and whether
you need to make any changes.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
You should check your procedures to ensure
they cover all the rights individuals have,
including how you would delete personal data or
provide data electronically and in a commonly
used format.
CHILDREN
You should start thinking now about putting
systems in place to verify individuals’ ages and to
gather parental or guardian consent for the data
processing activity.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.
ico

32. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
You should update your procedures and plan
how to you will handle requests within the new
timescales and provide any additional
information.
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
You should document what personal data you
hold, where it came from and who you share it
with. You may need to organise an information
audit.
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
You should document what personal data you
hold, where it came from and who you share it
with. You may need to organise an information
audit.
COMMUNICATING
PRIVACY INFORMATION
You should review your current privacy notices
and put a plan in place for making any necessary
changes in time for GDPR implementation.
CONSENT
You should review how you are seeking,
obtaining and recording consent and whether
you need to make any changes.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
You should check your procedures to ensure
they cover all the rights individuals have,
including how you would delete personal data or
provide data electronically and in a commonly
used format.
CHILDREN
You should start thinking now about putting
systems in place to verify individuals’ ages and to
gather parental or guardian consent for the data
processing activity.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

33. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
You should update your procedures and plan
how to you will handle requests within the new
timescales and provide any additional
information.
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
You should document what personal data you
hold, where it came from and who you share it
with. You may need to organise an information
audit.
COMMUNICATING
PRIVACY INFORMATION
You should review your current privacy notices
and put a plan in place for making any necessary
changes in time for GDPR implementation.
CONSENT
You should review how you are seeking,
obtaining and recording consent and whether
you need to make any changes.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
You should check your procedures to ensure
they cover all the rights individuals have,
including how you would delete personal data or
provide data electronically and in a commonly
used format.
CHILDREN
You should start thinking now about putting
systems in place to verify individuals’ ages and to
gather parental or guardian consent for the data
processing activity.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

34. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
You should update your procedures and plan
how to you will handle requests within the new
timescales and provide any additional
information.
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
You should document what personal data you
hold, where it came from and who you share it
with. You may need to organise an information
audit.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
You should review how you are seeking,
obtaining and recording consent and whether
you need to make any changes.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
You should check your procedures to ensure
they cover all the rights individuals have,
including how you would delete personal data or
provide data electronically and in a commonly
used format.
CHILDREN
You should start thinking now about putting
systems in place to verify individuals’ ages and to
gather parental or guardian consent for the data
processing activity.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

35. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
You should update your procedures and plan
how to you will handle requests within the new
timescales and provide any additional
information.
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
You should document what personal data you
hold, where it came from and who you share it
with. You may need to organise an information
audit.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
You should review how you are seeking,
obtaining and recording consent and whether
you need to make any changes.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
You should start thinking now about putting
systems in place to verify individuals’ ages and to
gather parental or guardian consent for the data
processing activity.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

36. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
You should document what personal data you
hold, where it came from and who you share it
with. You may need to organise an information
audit.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
You should review how you are seeking,
obtaining and recording consent and whether
you need to make any changes.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
You should start thinking now about putting
systems in place to verify individuals’ ages and to
gather parental or guardian consent for the data
processing activity.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

37. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
GDPR Assist identifies where personal data is
processed and used, including lineage and in-
flight transformations.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
You should review how you are seeking,
obtaining and recording consent and whether
you need to make any changes.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
You should start thinking now about putting
systems in place to verify individuals’ ages and to
gather parental or guardian consent for the data
processing activity.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

38. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
GDPR Assist identifies where personal data is
processed and used, including lineage and in-
flight transformations.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
GDPR Assist identifies where private data is held
across all technologies. It informs where
consents are required or have expired.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
You should start thinking now about putting
systems in place to verify individuals’ ages and to
gather parental or guardian consent for the data
processing activity.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

39. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
DATA BREACHES
You should make sure you have the right
procedures in place to detect, report and
investigate a personal data breach.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
GDPR Assist identifies where personal data is
processed and used, including lineage and in-
flight transformations.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
GDPR Assist identifies where private data is held
across all technologies. It informs where
consents are required or have expired.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
GDPR Assist identifies where private data on
children is held, across all technologies. This
informs where all ages should be verified and
parental consent is required.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

40. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
DATA BREACHES
GDPR Assist identifies where private data is held
and used across all technologies. This informs
reporting of a personal data breach within 72
hour timescale.
INFORMATION YOU HOLD
GDPR identifies what personal data you hold,
where it came from [including lineage] and the
apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
You should familiarise yourself now with the
guidance the ICO has produced on Privacy
Impact Assessments and work out how and
when to implement them in your organisation.
GDPR identifies where personal data is
processed and used, including lineage and in-
flight transformations.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
GDPR Assist identifies where private data is held
across all technologies. It informs where
consents are required or have expired.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
GDPR Assist identifies where private data on
children is held, across all technologies. This
informs where all ages should be verified and
parental consent is required.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

41. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
DATA BREACHES
GDPR Assist identifies where private data is held
and used across all technologies. This informs
reporting of a personal data breach within 72
hour timescale.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
GDPR Assist identifies where private data is
held, processed and accessed, including lineage
and in-flight transformations. GDPR automation
keeps the DPIA accurate/current.
GDPR Assist identifies where personal data is
processed and used, including lineage and in-
flight transformations.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
GDPR Assist identifies where private data is held
across all technologies. It informs where
consents are required or have expired.
DATA PROTECTION OFFICERS
You should designate a Data Protection Officer,
if required, or someone to take responsibility for
data protection
compliance and assess where this role will
sit within your organisation’s structure and
governance arrangements.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
GDPR Assist identifies where private data on
children is held, across all technologies. This
informs where all ages should be verified and
parental consent is required.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

42. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
DATA BREACHES
GDPR Assist identifies where private data is held
and used across all technologies. This informs
reporting of a personal data breach within 72
hour timescale.
INFORMATION YOU HOLD
GDPR Assist identifies what personal data you
hold, where it came from [including lineage] and
the apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
GDPR Assist identifies where private data is
held, processed and accessed, including lineage
and in-flight transformations. GDPR automation
keeps the DPIA accurate/current.
GDPR Assist identifies where personal data is
processed and used, including lineage and in-
flight transformations.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
GDPR Assist identifies where private data is held
across all technologies. It informs where
consents are required or have expired.
DATA PROTECTION OFFICERS
GDPR Assist provides accurate timely facts to
support the Data Protection Officer and
governance teams.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
GDPR Assist identifies where private data on
children is held, across all technologies. This
informs where all ages should be verified and
parental consent is required.
INTERNATIONAL
If your organisation operates internationally, you
should determine which data
protection supervisory authority you
come under.

43. 1 2 3 4
5 6 7 8
9 10 11 12
AWARENESS
GDPR Assist identifies who accesses which
private data, how often, tools etc. Ensure that
these people are included in awareness plans.
SUBJECT ACCESS REQUESTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
DATA BREACHES
GDPR Assist identifies where private data is held
and used across all technologies. This informs
reporting of a personal data breach within 72
hour timescale.
INFORMATION YOU HOLD
GDPR identifies what personal data you hold,
where it came from [including lineage] and the
apps and users who see it [usage].
LEGAL BASIS FOR
PROCESSING PERSONAL DATA
DATA PROTECTION BY DESIGN
AND IMPACT ASSESSMENTS
GDPR Assist identifies where private data is
held, processed and accessed, including lineage
and in-flight transformations. GDPR automation
keeps the DPIA accurate/current.
GDPR Assist identifies where personal data is
processed and used, including lineage and in-
flight transformations.
COMMUNICATING
PRIVACY INFORMATION
GDPR Assist shows how users and apps access
private data so appropriate privacy notices can
be put in place at all access points.
CONSENT
GDPR Assist identifies where private data is held
across all technologies. It informs where
consents are required or have expired.
DATA PROTECTION OFFICERS
GDPR Assist provides accurate timely facts to
support the Data Protection Officer and
governance teams.
INDIVIDUALS’ RIGHTS
GDPR Assist identifies where private data is held
across all technologies, it manages Subject
Access Requests [portability, right to be
forgotten, accuracy challenge], and identifies
who to notify within GDPR breach notification
timescales [72 hours.]
CHILDREN
GDPR Assist identifies where private data on
children is held, across all technologies. This
informs where all ages should be verified and
parental consent is required.
INTERNATIONAL
GDPR Assist identifies where personal data is
held and accessed allowing you to identify data
movements.

44. NEXT STEPS

45. Assess Client’s current GDPR
roadmap & status
1
GDPR FREE PLANNING WORKSHOP: 2 HOURS

46. Assess Client’s current GDPR
roadmap & status
1
Identify areas where
Client seeks Teradata
services to inform DPIA
using automation
2
GDPR FREE PLANNING WORKSHOP: 2 HOURS

47. Assess Client’s current GDPR
roadmap & status
1
Identify areas where
Client seeks Teradata
services to inform DPIA
using automation
2
Identify areas where
Client requests introductions to
specialist legal/business services
to augment
in-house capabilities
3
GDPR FREE PLANNING WORKSHOP: 2 HOURS

48. Assess Client’s current GDPR
roadmap & status
1
Identify areas where
Client seeks Teradata
services to inform DPIA
using automation
2
Identify areas where
Client requests introductions to
specialist legal/business services
to augment
in-house capabilities
3
Following that workshop
we will provide a quotation
and Statement of Work
for automation to inform
the DPIA, based upon agreed
scope e.g. Lines
of Business or Data Scope
4
GDPR FREE PLANNING WORKSHOP: 2 HOURS

49. Prior to commencement of
first automation sprint
Teradata will provide
metadata extract scripts for
Client to execute
1
GDPR AUTOMATION SERVICES TO INFORM DPIA

50. Prior to commencement of
first automation sprint
Teradata will provide
metadata extract scripts for
Client to execute
1
Teradata will then ingest the
metadata into our secure
hosted service
(or on premises) and deliver
the 1 month automation to
inform
the DPIA
2
GDPR AUTOMATION SERVICES TO INFORM DPIA

51. Prior to commencement of
first automation sprint
Teradata will provide
metadata extract scripts for
Client to execute
1
Teradata will then ingest the
metadata into our secure
hosted service
(or on premises) and deliver
the 1 month automation to
inform
the DPIA
2
Week 2:
Mid-Point Workshop.
Demonstrate initial results
of automation
3
GDPR AUTOMATION SERVICES TO INFORM DPIA

52. Prior to commencement of
first automation sprint
Teradata will provide
metadata extract scripts for
Client to execute
1
Teradata will then ingest the
metadata into our secure
hosted service
(or on premises) and deliver
the 1 month automation to
inform
the DPIA
2
Week 2:
Mid-Point Workshop.
Demonstrate initial results
of automation
3
Week 4:
Final Workshop and Client
training to use portal for
insights to inform DPIA
4
GDPR AUTOMATION SERVICES TO INFORM DPIA