© 2017 IDERA, Inc. All rights reserved.
TACKLING KEY GDPR CHALLENGES WITH DATA MODELING AND GOVERNANCE
NOVEMBER 08TH, 2017
Sultan Shiffa, Senior Software Consultant, Enterprise Architecture & Modeling
Sultan.Shiffa@idera.com
AGENDA
• GDPR Overview
• Implications for organisations
  • Principles and conditions for personal data and its processing
  • Consent management
  • Individual rights
  • Privacy by design
  • Data security and breach notification
• IDERA’s Enterprise Data Architecture Solution
• Tackling GDPR challenges with the EDA Solution
GDPR Overview
GDPR OVERVIEW
• Effective from 25th of May, 2018
• Replaces directives like the DPA and country data protection laws
• Applies to:
  • Personal data
  • Sensitive personal data
  • Global
• Fines: up to 20 million euros or 4% of annual worldwide turnover, whichever is greater
Implications for organisations
PRINCIPLES OF PROCESSING PERSONAL DATA UNDER GDPR – ARTICLE 5
• Processed lawfully, fairly and in a transparent manner in relation to individuals
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
• Accurate and, where necessary, kept up to date
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
• Processed ensuring appropriate security of the personal data
CONDITIONS FOR DATA PROCESSING
• Consent of the data subject
• Processing is necessary:
  • For the performance of a contract with the data subject or to take steps to enter into a contract
  • For compliance with a legal obligation
  • To protect the vital interests of a data subject or another person
  • For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
CONSENT CHANGES UNDER GDPR – ARTICLE 6
• Consent must be freely given, specific, informed and unambiguous
• Consent requires some form of clear affirmative action. Opt out or silence does not constitute consent
• Consent must be demonstrable. Some form of record must be kept of how and when consent was given.
• Individuals have the right to withdraw consent at any time.
• All current processing that uses consent should be reviewed to ensure it meets the GDPR requirements.
NEW INDIVIDUAL RIGHTS UNDER GDPR
• The right to be informed – usually via privacy notices
• The right of access
• The right to rectification
• The right to erasure – also known as the right to be forgotten
• The right to restrict processing
• The right to data portability
• The right to object – includes profiling, direct marketing and processing for research
• Rights in relation to automated decision making and profiling
PRIVACY BY DESIGN UNDER GDPR AND DPIA
• Control exposure to personal data
• A DPIA is a legal requirement under the GDPR, and high-risk situations require consultation with the ICO
• A DPIA at project start ensures privacy by design, compliance with legislation, and that systems are built with security from the outset and risks are managed
• Better and cheaper solutions, as adding good security at a later date can be costly
DATA BREACH NOTIFICATION UNDER GDPR
The GDPR introduces a duty on all organisations to report a data breach to the supervisory authority, and in some cases to the individuals affected.
A personal data breach = destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Risky data breaches will need to be reported to supervisory authorities and individuals notified directly.
Breach notification must be made within 72 hours, and also internally within the organisation.
Failure to report a breach can also result in fines.
IDERA’s Enterprise Data Architecture Solution
IDERA’S ER/STUDIO ENABLES ENTERPRISE ARCHITECTURE
[Figure: Enterprise Enablement – Business Architecture, Application Architecture, Technical Architecture, Data Architecture]
ER/STUDIO ENTERPRISE TEAM EDITION 2017
ER/STUDIO TEAM SERVER: ENTERPRISE COLLABORATION
Tackling GDPR challenges with the EDA solution
ENTERPRISE DATA ARCHITECTURE VS. GDPR
TACKLING GDPR WITH ENTERPRISE DATA ARCHITECTURE
• Create and maintain awareness towards GDPR compliance across the organization
• Understand the current data landscape for better GDPR compliance
• Check existing processes & procedures regarding currency towards GDPR
• Review privileges and accountabilities to data and its flow
• Document individual rights
• Security management and data breach notification
• Data governance, collaboration and data protection impact assessment
CREATE AWARENESS
UNDERSTAND THE DATA LANDSCAPE
UNDERSTAND THE DATA LANDSCAPE WITH SILWOOD’S SAFYR – IDENTIFY, DESCRIBE & CATALOG APPLICATION METADATA
[Figure: Safyr metadata extraction flow. Source applications: SAP, S/4HANA, SAP BW; Salesforce; Oracle eBusiness Suite; Siebel; PeopleSoft; JD Edwards; MS Dynamics AX; other packaged applications. Steps: metadata extraction; search, filter, scope; analyse, visualise, compare; create report; results]
• Fast software-driven access to ERP and CRM metadata
• Accurate and includes customisations
• Intuitive analysis
• Share results
• Broader reach of solution
• Differentiator / equaliser
• Accelerate sales / overcome objections about CRM/ERP
CHECK EXISTING PROCESSES AND PROCEDURES WITH ER/STUDIO BUSINESS ARCHITECT
REVIEW DATA PRIVILEGES AND ACCOUNTABILITIES WITH ER/STUDIO DATA LINEAGE AND ER/ETL
DOCUMENT AND MANAGE INDIVIDUAL RIGHTS
SECURITY MANAGEMENT AND BREACH NOTIFICATION WITH ER/STUDIO DATA ARCHITECT
SECURITY MANAGEMENT AND BREACH NOTIFICATION WITH ER/STUDIO BUSINESS ARCHITECT
DATA GOVERNANCE, COLLABORATION, DPIA
SUMMARY – ER/STUDIO ENTERPRISE EDITION VS. GDPR
• It meets data privacy and industry compliance by design and by default. Leveraging integrated process and data modeling tools helps to set up data governance and create awareness about the GDPR, its rules and its business impact.
• It helps to discover existing systems and processes as well as new projects, and to maintain our data fields in line with the GDPR rules.
• It gives organizations visibility into their applications, databases and processing activities that hold critical information for GDPR compliance.
• It serves as a collaboration platform for sharing information related to different applications and systems across the organization.
• It helps to document, and encourage discussion on, how organizations are complying with GDPR legislation, both within the organization and with external regulators in case of an audit.
THANKS! Any questions?
You can find me at: Sultan.Shiffa@idera.com