Upload
nguyentram
View
213
Download
0
Embed Size (px)
Citation preview
A practical approach towards Big Data in the
context of the upcoming EU data privacy and data
protection regulation
SAS Forum 2015
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Privacy – What’s ongoing?
3
EU - GDPR
NL Data Breach
Safe Harbour
Russian localization law
White house
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
GDPR: When?
4
This push for data protection rights is apparent in the General Data Protection Regulation (the “Regulation”), which is still in
draft form. In addition to Mr. Juncker, the new European Data Protection supervisor, Mr. Giovanni Buttarelli, and
several members of the European Parliament, including the German member of parliament who has been central to driving
through the Regulation, Mr. Jan Philipp Albrecht, have all called for the Regulation to be finalized this
year or end of Jan 2016.
Data subject’s rights
Companies & Org. rights
Parliament approval 03/2014
Commission & parliament
Council
Current
Tripartite (Q2-Q3)
Final publishing01/2016
* Based upon insights available at this point & best guess estimations
focus
Time
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Why are data breaches such a big issue for a company ?
5
Data breach
GDPR
Fines*:
Up to 5% or 10% of
(global) turnover or
up to 100 MIO Euro
Reputation loss &
loss of
customer/supplier/e
mployee trust
Cost/ breached
record = +200 €
Personal liability
Financial losses
Convictions Board, CEO and
shares affected
Informing data
subjects & gov.
*fines are already being imposed in the EU based upon the current legislation (e.g. Italy, Spain, Ireland,…)
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Do we only need to care about privacy
because of this new National & EU regulations?
6
Regulatory
Strong growth in Data
breaches
Increased (EU)
citizen concern about
their privacy
Hard for companies
to differentiate
Execute
privacy
Roadmap
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
GDPR:
Privacy is about more than just consent:
7
•Any processing of personal identifiable information
•data portability
•data breaches
•capturing and managing all types of consent, channels, texts, products, type
of consent,…
•data privacy by design, data minimisation
•data exchange (Safe harbour is invalid,…)
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
What (personal) data will be affected?
8
Store the personal
data/information/conte
nt
Document the use* of
“personal”
data/information/conte
nt
* processing, data mining,
analytics, distribution,…
Personal data & information must be
accurate and kept up-to-date &
kept in a form which permits identification no longer than necessary.
… privacy by design
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
10
Anonymization = Privacy by design
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
12
Legal The path to compliance is paved with… IM capabilities
Information management capabilities
are the key to privacy compliance
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
13
Data privacy as
a limitation/opportunity
to information mgt.
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
1414
Do I have
consent?
How do I
master
consent and
personal
data?
14
Data mastering & consent
handling
Data
Quality
Privacy/conse
nt master
Party-MDM
Metadata
Mgt.
Sensitive data
warnings
…
Priv
acy b
y d
esig
n
Data
& In
form
atio
n g
overn
ance
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Data Quality
16
Personal data
is blocked for
processing if
quality is not ok
Information
lifecycle mgt.
Data
Quality
Privacy/conse
nt master
Party-MDM
Sensitive data
warnings
…
Priv
acy b
y d
esig
n
Data
& In
form
atio
n g
overn
ance
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Ok, MDM and Data Quality, but what about Big Data?
19
Data lake1) Privacy assured
shore data2) Consent for data
lake? Sensitive data?…
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Big data processing
20
Big Data
Processing Sensitive data
warnings
Data QualityMetadata
Mgt.
Priv
acy b
y d
esig
n
Data
& In
form
atio
n g
overn
ance
Privacy/conse
nt master
Party-MDM
Data lake
Manage
Data Lake
input
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
TowardsValue out of
big data&
Privacy compliance
- Data & information governance- Policies & enforcement
- MDM & Privacy master - Information en solution architecture- Metadata (fish finder in data lakes)
- Data Quality- Integration
- Information lifecycle mgt.
- PII scope- Data privacy by design
& data minimization
Manage your
data lake input
Pull your data into a
‘green‘ privacy
compliant shore
Analytics/insight – Data
science/discovery
Operational use
Gain customer trust
Differentiate on privacy
DPO & Org & governance/enforcement (combi legal,…)
Check sensitive
data
Check consent
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Can I still
profile, data
mine personal
(children)
data?
What about
data science?
Can we use
personal data in
BI/Advanced
analytics and to
what level do
we ananymize?
Data
Quality
Privacy/conse
nt master
Party-MDM
Metadata
Mgt.
Sensitive data
warnings
…
Priv
acy b
y d
esig
n
Data
& In
form
atio
n g
overn
ance
Analytics
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
(Big) Data exchange?
24
Can I still
exchange
(Big) personal
data to other
countries ?
BCR, Safe
country
list,…
Data
Quality
Privacy/conse
nt master
Party-MDM
Metadata
Mgt.
Sensitive data
warnings
…
Priv
acy b
y d
esig
n
Data
& In
form
atio
n g
overn
ance
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Data breach
prevention
Data breach
scenarioWhat do I
need (to do) in
case of a (Big)
Data breach ?
Privacy/conse
nt master
Party-MDM
Data
Quality
Data breach
Breach on
breach
prevention?
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Monitoring and reporting on privacy?
26
What does a company (DPO) need to monitor and report with regards to privacy?
Information
lifecycle
Data
Quality
Privacy/conse
nt master
Party-MDM
Reporting
Operational
& analytical
Segmentatio
n
Data quality
reports as
part of audit.
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
29
Data quality relevant to most privacy
topics
MDM
Data Quality
Info/Data gov.
Monitoring and reporting
on privacy
Data breach
Data exchange
Analytics
Big data
processing
Data processing
Data mastering &
consent handling
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Archiving
Analytics
Se
rvic
e l
aye
r
Approach: Data privacy & protection as a service?
30
Master
(MDM)
Se
rvic
e l
aye
r
UI /
Po
rtal
Service requests
Service reply’s
Security, automated request handling,…
Doc. mgt
Master (ECM)
CRM
ERPE-com
…Operational
Party MDM
ESB, industry specific messages,…
Analytics
Analytics
Identity Mgt.
Identity Mgt.
Data quality service
Metadata-mgt (repository)Industry specifc metadata
mgt.
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Se
rvic
e l
aye
r
Approach: Data privacy & protection as a service?
31
DWH
Se
rvic
e l
aye
r
UI /
Po
rtal
Service requests
Service reply’s
Security, automated request handling,…
Doc. mgt
Master (ECM)
ESB, industry specific messages,…
BI
Analytics
Identity Mgt.
Identity Mgt.
Data quality service
Metadata-mgt (repository)Industry specifc metadata
mgt.
DQ
Archiving
Analytics
CRM
ERPE-com
…Operational
Party MDM
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Concluding: Privacy as a positive differentiator
32
B2B vs B2C - behind every B there’s a C
Use privacy as an opportunity - explain the
customer upon asking consent the value
Privacy as an opportunity for information
management including big data & data science
Privacy as a differentiator (Nike, Apple, …)
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Closing remark:
33
The ability to ensure
privacy & protection of
person’s data
is becoming a crucial
differentiator
for more and more
companies
and their customers.
Copyrig
ht –
All In
telle
ctu
al
Rig
hts
Reserv
ed 2
014-
inpuls
,
Inpuls
Duwijckstraat 17
2500 Lier
Belgium
T +32 3 443 17 43
M +32 475 94 14 51
Email:
Web: www.inpuls.eu
Thank you
An Information Management and Data Insight company
Inpuls
Duwijckstraat 17
2500 Lier
Belgium
T +32 3 443 17 43
M +32 475 94 14 51
Email:
Web: www.inpuls.eu
Thank you
An Information Management and Data Insight company 34