A practical approach towards Big Data in the

context of the upcoming EU data privacy and data

protection regulation

SAS Forum 2015

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Privacy – What’s ongoing?

3

EU - GDPR

NL Data Breach

Safe Harbour

Russian localization law

White house

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

GDPR: When?

4

This push for data protection rights is apparent in the General Data Protection Regulation (the “Regulation”), which is still in

draft form. In addition to Mr. Juncker, the new European Data Protection supervisor, Mr. Giovanni Buttarelli, and

several members of the European Parliament, including the German member of parliament who has been central to driving

through the Regulation, Mr. Jan Philipp Albrecht, have all called for the Regulation to be finalized this

year or end of Jan 2016.

Data subject’s rights

Companies & Org. rights

Parliament approval 03/2014

Commission & parliament

Council

Current

Tripartite (Q2-Q3)

Final publishing01/2016

* Based upon insights available at this point & best guess estimations

focus

Time

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Why are data breaches such a big issue for a company ?

5

Data breach

GDPR

Fines*:

Up to 5% or 10% of

(global) turnover or

up to 100 MIO Euro

Reputation loss &

loss of

customer/supplier/e

mployee trust

Cost/ breached

record = +200 €

Personal liability

Financial losses

Convictions Board, CEO and

shares affected

Informing data

subjects & gov.

*fines are already being imposed in the EU based upon the current legislation (e.g. Italy, Spain, Ireland,…)

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Do we only need to care about privacy

because of this new National & EU regulations?

6

Regulatory

Strong growth in Data

breaches

Increased (EU)

citizen concern about

their privacy

Hard for companies

to differentiate

Execute

privacy

Roadmap

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

GDPR:

Privacy is about more than just consent:

7

•Any processing of personal identifiable information

•data portability

•data breaches

•capturing and managing all types of consent, channels, texts, products, type

of consent,…

•data privacy by design, data minimisation

•data exchange (Safe harbour is invalid,…)

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

What (personal) data will be affected?

8

Store the personal

data/information/conte

nt

Document the use* of

“personal”

data/information/conte

nt

* processing, data mining,

analytics, distribution,…

Personal data & information must be

accurate and kept up-to-date &

kept in a form which permits identification no longer than necessary.

… privacy by design

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

10

Anonymization = Privacy by design

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

12

Legal The path to compliance is paved with… IM capabilities

Information management capabilities

are the key to privacy compliance

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

13

Data privacy as

a limitation/opportunity

to information mgt.

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

1414

Do I have

consent?

How do I

master

consent and

personal

data?

14

Data mastering & consent

handling

Data

Quality

Privacy/conse

nt master

Party-MDM

Metadata

Mgt.

Sensitive data

warnings

…

Priv

acy b

y d

esig

n

Data

& In

form

atio

n g

overn

ance

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Data Quality

16

Personal data

is blocked for

processing if

quality is not ok

Information

lifecycle mgt.

Data

Quality

Privacy/conse

nt master

Party-MDM

Sensitive data

warnings

…

Priv

acy b

y d

esig

n

Data

& In

form

atio

n g

overn

ance

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Ok, MDM and Data Quality, but what about Big Data?

19

Data lake1) Privacy assured

shore data2) Consent for data

lake? Sensitive data?…

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Big data processing

20

Big Data

Processing Sensitive data

warnings

Data QualityMetadata

Mgt.

Priv

acy b

y d

esig

n

Data

& In

form

atio

n g

overn

ance

Privacy/conse

nt master

Party-MDM

Data lake

Manage

Data Lake

input

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

TowardsValue out of

big data&

Privacy compliance

- Data & information governance- Policies & enforcement

- MDM & Privacy master - Information en solution architecture- Metadata (fish finder in data lakes)

- Data Quality- Integration

- Information lifecycle mgt.

- PII scope- Data privacy by design

& data minimization

Manage your

data lake input

Pull your data into a

‘green‘ privacy

compliant shore

Analytics/insight – Data

science/discovery

Operational use

Gain customer trust

Differentiate on privacy

DPO & Org & governance/enforcement (combi legal,…)

Check sensitive

data

Check consent

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Can I still

profile, data

mine personal

(children)

data?

What about

data science?

Can we use

personal data in

BI/Advanced

analytics and to

what level do

we ananymize?

Data

Quality

Privacy/conse

nt master

Party-MDM

Metadata

Mgt.

Sensitive data

warnings

…

Priv

acy b

y d

esig

n

Data

& In

form

atio

n g

overn

ance

Analytics

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

(Big) Data exchange?

24

Can I still

exchange

(Big) personal

data to other

countries ?

BCR, Safe

country

list,…

Data

Quality

Privacy/conse

nt master

Party-MDM

Metadata

Mgt.

Sensitive data

warnings

…

Priv

acy b

y d

esig

n

Data

& In

form

atio

n g

overn

ance

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Data breach

prevention

Data breach

scenarioWhat do I

need (to do) in

case of a (Big)

Data breach ?

Privacy/conse

nt master

Party-MDM

Data

Quality

Data breach

Breach on

breach

prevention?

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Monitoring and reporting on privacy?

26

What does a company (DPO) need to monitor and report with regards to privacy?

Information

lifecycle

Data

Quality

Privacy/conse

nt master

Party-MDM

Reporting

Operational

& analytical

Segmentatio

n

Data quality

reports as

part of audit.

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

29

Data quality relevant to most privacy

topics

MDM

Data Quality

Info/Data gov.

Monitoring and reporting

on privacy

Data breach

Data exchange

Analytics

Big data

processing

Data processing

Data mastering &

consent handling

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Archiving

Analytics

Se

rvic

e l

aye

r

Approach: Data privacy & protection as a service?

30

Master

(MDM)

Se

rvic

e l

aye

r

UI /

Po

rtal

Service requests

Service reply’s

Security, automated request handling,…

Doc. mgt

Master (ECM)

CRM

ERPE-com

…Operational

Party MDM

ESB, industry specific messages,…

Analytics

Analytics

Identity Mgt.

Identity Mgt.

Data quality service

Metadata-mgt (repository)Industry specifc metadata

mgt.

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Se

rvic

e l

aye

r

Approach: Data privacy & protection as a service?

31

DWH

Se

rvic

e l

aye

r

UI /

Po

rtal

Service requests

Service reply’s

Security, automated request handling,…

Doc. mgt

Master (ECM)

ESB, industry specific messages,…

BI

Analytics

Identity Mgt.

Identity Mgt.

Data quality service

Metadata-mgt (repository)Industry specifc metadata

mgt.

DQ

Archiving

Analytics

CRM

ERPE-com

…Operational

Party MDM

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Concluding: Privacy as a positive differentiator

32

B2B vs B2C - behind every B there’s a C

Use privacy as an opportunity - explain the

customer upon asking consent the value

Privacy as an opportunity for information

management including big data & data science

Privacy as a differentiator (Nike, Apple, …)

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Closing remark:

33

The ability to ensure

privacy & protection of

person’s data

is becoming a crucial

differentiator

for more and more

companies

and their customers.

Copyrig

ht –

All In

telle

ctu

al

Rig

hts

Reserv

ed 2

014-

inpuls

,

Inpuls

Duwijckstraat 17

2500 Lier

Belgium

T +32 3 443 17 43

M +32 475 94 14 51

Email:

Jan.Henderyckx@inpuls.eu

Web: www.inpuls.eu

Thank you

An Information Management and Data Insight company

Inpuls

Duwijckstraat 17

2500 Lier

Belgium

T +32 3 443 17 43

M +32 475 94 14 51

Email:

Jan.Henderyckx@inpuls.eu

Web: www.inpuls.eu

Thank you

An Information Management and Data Insight company 34