are your data ready for gdpr? (with mapr and talend)

1©2017 Talend

Are your data ready for GDPR Compliance?

Track & Trace Capture & Connect Secure & Protect Certify & Curate Publish & Share

USING A DATA HUB TO PROTECT PERSONAL DATA

2©2017 Talend


Rémi ForestSolution Engineer

Jean-Michel FrancoSr Product Mkt Director

3

GDPR and Data Governance: why, and why now?

Drawing the Roadmap for GDPR

Setting up the GDPR foundations with a Data Hub

Establishing the 5 pillars for GDPR compliance with MAPR and Talend

What’s next on your GDPR journey?

Agenda

4

• Jean-Michel Franco, X2 years old, passionate about running

• Sr Director for Data Governance Products at Talend

• 2X experience in data management

• Engaged citizen in a data driven world (@jmichel_franco)

Let’s talk about personal data

What I want to share

Want to know More ? • Ask Google for my Physical/Digital journeys

• Ask Garmin for my physical & Experian for my financial health

• Ask Amazon for my buying & Waze for my driving behavior

• Ask Facebook for my personal & LinkedIn for my professional details

But don’t ask my doctor, he has taken the Hippocratic Oath

5

Beyond GDPR: it’s all about Trust and Transparency

BREAKING NEWSData Leaks

Equifax breach exposed data for 143 million consumers

Last year’s privacy fines would be 79 times higher under GDPRDieselgate forces German carmakers to rethink their future

, Privacy Violations and Data Flaws

Data Governance is no more an option

6

Potential cost of for non compliance

GDPR starts in 220 days: Will you be ready?

4%of globalrevenue

Budget devoted to data protection

0.004%of globalrevenue

50%won’t meet

deadline

The pressure is on IT

Source: European Commission, TeachPrivacy, Gartner

7

GDPR (General Data Protection Regulation) in a nutshell• Protects privacy for individuals

• Goes into effect in 2018 (May, 25th).

• Increase powers of authorities to take action against non compliant business.

Tough penalties:

Fines up to 4% of annual global revenue

or €20 million (whichever is greater)

Broad definition:

Personal data includes identifiers such as

digital/online, genetic, mental, cultural, biometric

Worldwide

Regulation also applies to non EU companies that process

personal data of individuals in the EU.

Cross Border Data transfer :

The international transfer of data will continue to be governed

under EU GDPR rules.

Affirmative Consent: obtaining consent for

processing personal data must be clear, context

based and must seek an affirmative response.

Data Subjects Access Rights : Data Subjects have the

right to be forgotten and erased from records. Users may

request a copy of personal data in a portable format…

8

• Multiple subject areas • Customer, Employee, Prospect, Citizen, Vendor…

• Emerging data types

• Internet of Things, Logs, Biometrics…

• Multiple jurisdictions

• EU, Canada, Australia, U.S….

• Rapidly changing regulations

• GDPR, CASL, HIPAA…

Global Data Privacy is Multi-Dimensional

9

What’s Involved

GDPR – Helicopter Positioning

√

• Make sure your Data is compliant

• Unleash your data for the data subject access rights

?

• Identify, know and track your personal data

• Protect your Data and foster accountability

10

Goal

Inventory your personal data

Establish policies

Protect your data

Track and trace consent

Engage your workforce

Open your data to your data subjects

What does GDPR mean for your Data Management practices?

11

Draw your Roadmap for GDPR Compliance

2

Build your Personal Data Hub

Know your DataReconcile your dataRegain control

1

Assess your Capabilities

Identify gaps Assess risksDefine priorities and milestones

3Engage Compliance Initiatives

Consent ManagementAnonymizationRights of the data subject

13

http://talend.gdprevaluation.com/

Assess your capabilities

Connect Fill-up a 20’ questionnaire Get your readiness assessment

With


14

• Know where to find every data about every person (customer or employee)

• Collect and Store compliance related data (i.e. Consent status)

• Control who can access these data

• Trace who accessed these data

• Make sure you don’t lose this data

• Matching all this on a distributed environment is at least very challenging

What is expected?

15

• Physical or virtual consolidation of every person’s data

• Data can be enriched with compliance related information

• Single place to control and trace access

• Automatically updated based on legacy source systems

• Can be used as data source for new applications

The case for a Personal Data Hub

16

5 pillars for GDPR governance with MAPR & Talend

Map yourPersonal Data

Build yourData Subject

360°

Protect your mostSensitive Data

Delegate Accounta-

lities

ManageData Location,Movement &

Portability

17

GDPR article 4, 9 and 30

Create a Data Inventory for Compliance

Track & trace acrossthe information chain

Define your Personal Data

Connect them to your data sets

18

• Based on data inventory, consolidate all data in a single place

• Document Databases are the perfect tool

• Referential integrity is mandatory : avoid manual processes• ETL

• Change data capture

• Streaming/Real Time

• Closing the loop with source system might be needed for rights to be forgotten/rectification

Build the 360° view of the data subject

19

• Protecting data is an holistic approach

• Ensure that no data can be lost• Protect against attacks or errors : MapR Snapshots

• Protect against disaster : MapR Remote Replication

• Ensure that only authorized people have access to data:• Logical access control : ACEs and auditing

• Physical access control : in-flight and at-rest encryption

Protect personal data at infrastructure level

20

Obfuscate data for analytics

Article 5, 6, 11 and 32

Protect Personal data with Data Masking

Apply Data Masking everywhere

Capture personal footprints in your datasets

21

Certify Data with Self-Service Data Curation

Articles 4, 5, 6, 24, 25, 27

Foster accountability with Talend Data Preparation & Stewardship

Orchestrate collaborative Governance

Discover datasets and prepare data for integration

22

Article 12, 13, 14, 15, 16, 17, 18, 19, 20, 21

Respect the right of the data subject

…or deliver data services, in real time

Deliver data on request,in batch mode

23

• Your business is global, so are your data

• Your governance has to be global too

• MapR Data Fabric gives you global control over your data

Manage Data Location

24

Poll #2: Your priorities for compliance?

Multiple responses

25

“Over 80% of lost items returned”

Air France-KLM aims delight customers with personalized experience, Air France KLM creates a complete 360° view of the customer.

“The issue of security is addressed with Talend Data Quality since we process some of our clients’ personal data and this data needs to be protected. In addition, Talend Metadata Manager can determine ten times faster than before where the data is located, when it is coming from, and where it is going.”

Damien Trinité, CRM Big Data Project Manager, Air France KLM

26

MapR-FS

MapR Data Platform

MapR StreamsMapR-DB

Social Media

Converged Data Platform

Medical Info

Other PII

Banking Info

…

Ingest

Search

Data Map

Raise Alerts

…

Actions

Native Connectivity for the MapR Platform with Spark & Machine Learning


MapR + Talend architecture in a nutshell

27

What’s next in your GDPR journey?

• Self-assess your readiness: http://talend.gdprevaluation.com/

• Learn more on our joint solution : https://mapr.com/resources/mapr-

talend-gdpr-solution-brief/

• Populate your personal data hub

• Set accountabilities & orchestrate collaborative data governance

• Operationalize GDPR governance (Consent, Data Subject Access Rights,

Data Protection and Anonymization…)

Questions?


https://mapr.com/resources/mapr-talend-gdpr-solution-brief/

are your data ready for gdpr? (with mapr and talend)

Technology