GDPR – Now
“Data Governance in a New World”
June 20, 2018
Agenda
1:35 III. Role of Data Governance in GDPR
2:15 VI. Summary & Questions
Section 1 - Introduction
Three-Legged GDPR Stool
Company Overview
Practice Overview
Speaker Bio
Partnerships
Trusted Data
Practice
Speaker - Bio
Michael G. Miller is a Principal Consultant and member of the Infosys Data and Analytics (DNA)
group, with concentrations in Data and Information Strategy, Data and Information
Governance, and Regulatory Compliance (GDPR, BCBS239, CCAR, KYC, AML, SOX,
etc.) for global customers.
Mr. Miller has over 30 years of business & IT experience in banking, securities and insurance,
starting his career in IT and then moving on to consulting and teaching roles in enterprise
architecture (TOGAF), business intelligence and data governance. Mr. Miller holds a BBA &
4 Master's degrees (MBA, MPM, MTM & MISM) as well as 2 years of doctoral work in Applied
Management and Decision Science.
Infosys helps enterprises create and execute strategies for their digital transformation. We help our clients find the right
problems to solve, and to solve these effectively. Our team of innovators, across the globe, is differentiated by the
imagination, knowledge and experience, across industries and technologies that we bring to every project we undertake.
• 17,435 engineers trained in 3+ programming languages
• 98.7% business is repeat business
• 1,173 clients
• Automation repurposed 11,000 people’s effort into more valuable tasks
• 15,000+ employees trained in new technologies & platforms
• Zero Bench for sustained engagement of employees
• 2% of avg. net profits over 3 fiscals to Infosys Foundation
• Clients in over 50 countries
• 15,000 projects driven by employees innovating through Zero Distance
• 84 offices and 116 development centers
• 967 employees mentored in executive leadership
• Award winning sustainable delivery centers
Partnership Ecosystem
GDPR
• Data Discovery
• Data Archival & Information Life Cycle Management
• DPO Dashboarding
• Data Security
• Data Integration
• Data Masking
Trusted Data
“Society as a whole can benefit from more reliable, distributed data and information.
In this era of fake news and state actor interference in elections, creating technology-driven trust offers the
potential to restore faith in our shared institutions”. David Shrier – MIT *2
*1&2 Forbes: “Getting to Trusted Data via AI, Machine Learning, and Blockchain”, by Randy Bean
https://www.forbes.com/sites/ciocentral/2018/06/17/getting-to-trusted-data-via-ai-machine-learning-and-blockchain/2/#1e3084623ee8
Trust
Data Gov.
© 2018 Infosys Limited, Bengaluru, India. All Rights Reserved
Personal Data
What is GDPR?
GDPR Statistics
GDPR Scope
GDPR
Now
EU GDPR Deadline Date: May 25, 2018 - Time’s Up! You are late.
http://www.eugdpr.org/
11 Chapters
173 Recitals
99 Articles
55,752 Words
88 Pages
3,872 Lines
The biggest change to data protection
laws in 20 years.
EU GDPR Scope – 32 Countries
#   Name              #   Name
1   Austria           15  Italy
2   Belgium           16  Latvia
3   Bulgaria          17  Lithuania
4   Croatia           18  Luxembourg
5   Cyprus            19  Malta
6   Czech Republic    20  Netherlands
7   Denmark           21  Poland
8   Estonia           22  Portugal
9   Finland           23  Romania
10  France            24  Slovakia
11  Germany           25  Slovenia
12  Greece            26  Spain
13  Hungary           27  Sweden
14  Ireland           28  United Kingdom
+ 4 EFTA countries - Iceland, Liechtenstein, Norway, and Switzerland
[forming the European Free Trade Association (EFTA)].
Data Subject
Data Owner
Data Processor
Third Parties
What is GDPR?
• On May 25th, 2018, Europe’s General Data Protection Regulation (GDPR) went live. Companies doing
business in the European Union now need to comply with a new set of regulations designed to
protect the private data of data subjects, meaning the residents of the European Union (EU). That is,
not just citizens, but any resident of the EU, whether an EU citizen or not.
• GDPR will require more explicit explanations of private data being collected, how it will be used,
and in many cases, the hiring of a DPO (Data Protection Officer) to oversee compliance.
• As a result, the cost of doing business in Europe is about to go up. It’ll cost more to come into
compliance with the new regulation and directives, and it’ll cost more to operate in Europe going
forward. It’s the strictest set of government privacy laws regulating data on the internet so far, and it’ll
be years before we understand its full effects as well as its spread beyond EU borders.
• Some companies are already feeling the burden. Some businesses are going out of business
rather than pay the expenses incurred to comply with GDPR; some have closed as of May 24, 2018.
PD = Personal Data
[Diagram labels: Security, Privacy, PD, Data Governance]
DMBOK Wheel
Modified version of DAMA DMBOK (Data Management Body of Knowledge II) 2013
Framework
Game Plan
Architecture
Budget
https://www.infosys.com/gdpr/
GDPR Budget
“The average annual budget for SEVEN AREAS FOR GDPR BUDGET TOTAL
• Customer Interaction Services
• Data Portability Services
• Information Governance
• Customer Data Collection, Generation
• Data Integration
• DPO Dashboard & Reporting
Assess | Define & Design | Administer & Implement | Monitor & Secure
Assess, Envision and Roadmap | Architect, Validate and Design | Build, Test and Integrate | Stabilize and Improve
• GDPR Compliance Assessment
• Build Data Management Framework
• Develop Revised Architecture and IT Infrastructure Plan
• Roadmap Realization
• Evaluate process and technology landscape
• Refine Personal Data Reporting: Complete, Accurate, Adaptable, Timely
• GDPR Strategy Realization
• Testing under Normal and Stress/Crisis Situation
• Re-Alignment of Operations: Based on implemented changes
• Governance Model: Plan to establish DPO Organization
• Architect Data Management Framework: Compliant, Adaptable, Optimized
• Processes Design: Maximize automation in personal data collection / aggregation / reporting
• Develop Revised Architecture and IT Infrastructure Plan
Monitor & Secure
• Change Management
• Record of Processing
• Breach Monitoring
GDPR
• Policy Definition
• Data Standardization
• Data Extraction
• Access Management
• Change Management
• Assessment and Gap Analysis
• Data Discovery
• Data Classification
• Data Retention
• Consent Management
• Process Assessment and Definition
• Data Catalogue
• Data Minimization
• Breach and Incident Management
• Training and awareness
More Regulations
Digital Business
GDPR Myopia
Key Benefits
• Data Protection Regulation Myopia, a.k.a. GDPR nearsightedness, as it is defined by me, is a vision
condition in which people can see close data protection regulations (e.g. GDPR, the General Data
Protection Regulation) clearly, but other data protection regulations appear farther away and
blurred. People suffering from Data Protection Regulation myopia can have difficulty clearly
seeing all the other data protection regulations on the horizon or across the entire globe.
‘Your data governance vision needs to look at the bigger picture & a much longer time horizon.’
• GDPR Myopia occurs if a person or company stares too long at the GDPR (88-page) regulation and
does not see other data protection regulations in a much broader scope of vision. As a result, the
person’s or company’s data protection vision isn't focused correctly, and distant regulation compliance
looks blurred. This can result in severe data protection compliance risk, which is potentially
hazardous both to your financial health and to your company’s compliance reputation.
https://inc42.com/features/justice-srikrishna-committee-to-finally-table-data-protection-bill-report-but-its-only-half-the-battle-won/
Unfortunately, 90 percent of data created in the IoT is never captured, studied or utilized.
Furthermore, up to 60 percent of that data almost immediately loses its value. So, most of the data is
never turned into insights. And that is where the true potential of the IoT lies. It’s not just the devices
that generate valuable data, but also the intelligence that is built to consume that data, analyze it and
generate actionable insights.”
• IoT Data Governance will be necessary to fully exploit the IoT (Internet of Things).
“The biggest issues surrounding the use of personal data today come from not
knowing where this data is stored, who is looking at it, or what is being
done with this information. …General Data Protection Regulation (GDPR),
begins to address these issues, there is still a need to provide technology
infrastructure that will enable trusted data sharing. Blockchain approaches,
…, provide a path to a trusted data framework which can ensure:
• more secure personal information
• better access to data through a personal data store
• an unchangeable audit trail of who’s done what with personal information.”
Forbes: “Getting to Trusted Data via AI, Machine Learning, and Blockchain”, by Randy Bean
https://www.forbes.com/sites/ciocentral/2018/06/17/getting-to-trusted-data-via-ai-machine-learning-and-blockchain/2/#1e3084623ee8
Data Governance will need to lead in the development of a whole new set of Personal Data Privacy and
Protection Principles, Guidelines, Policies, and Procedures for
- who uses personal data,
- for what purpose,
- when data is used,
- where data is used,
- how data is used,
- why data is used and
- when data should be disposed of.
This will be necessary in order to promote the appropriate behavior of all parties with respect to the use
of data as a corporate asset and to ensure the data does not become a corporate liability.
4 Areas of Focus
This is where the data costs occur, and this is where the data benefits lie.
Modified version of DAMA DMBOK (Data Management Body of Knowledge II) 2013
[Diagram labels: Data Governance; Region 2; Country 1, Country 2, Country 3…, Country 4, Country 5, Country 6, Country 7, Etc.]
Modified version of DAMA DMBOK (Data Management Body of Knowledge II) 2013
More Information
Key Action Items
Key Focus Areas
Questions
https://www.infosys.com/gdpr/
• Official Journal of the European Union L119 Legislation Volume 59 4 May 2016
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation)
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL%3A2016%3A119%3ATOC
• Business and Dynamic Change: The Arrival of Business Architecture – June 3, 2015
by Frank F. Kowalski and Gil Laware – Editors
Chapter 1 ‘Business Architecture – Information Necessity’ - Michael G. Miller author
https://www.amazon.com/Business-Dynamic-Change-Arrival-Architecture/dp/0986321427/ref=sr_1_3?s=books&ie=UTF8&qid=1528908155&sr=1-3&keywords=Business+and+Dynamic+Change&dpID=51q7jWeUTcL&preST=_SY291_BO1,204,203,200_QL40_&dpSrc=srch
Questions?
Thank You