GDPR-Now Data Governance in A New World DAMA Chgo

June 20, 2018
GDPR – Now
“Data Governance
in a New World”
DAMA-Chicago June 20, 2017

By Michael G. Miller - michael.miller@infosys.com
Infosys - Data and Analytics (DNA) - Principal Consultant
What a difference 364 days make…
On June 21, 2017, I asked the DAMA -

Chicago audience; how many knew
what GDPR was?
Three answered, yes…..now ____?
Europe's GDPR outranks Beyonce on

Google Search
“Europe's General Data Protection
Regulation is getting a lot of attention right
now. In fact, the GDPR appears to be https://www.cnbc.com/2018/05/23/europes-gdpr-outranks-beyonce-on-
outranking even Beyoncé: The term "GDPR" google-search.html
is trending higher in Google Search volume

than Queen Bey.”
1
June 20, 2018
Agenda
1:15 I. Introduction 1:45 IV. Is my organization affected?

How should I prepare?
II. What is GDPR (General Data V. Future of Data Governance &

1:25 Protection Regulation) (EU 2016/679)?
2:00 Data Protection Regulations.
1:35 III. Role of Data Governance in GDPR 2:15 VI. Summary & Questions.
3 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved
Section 1 - Introduction
Three-Legged GDPR Stool
Company Overview
Practice Overview
Speaker Bio
Partnerships
Trusted Data
Practice
2
June 20, 2018
Speaker - Bio
Michael G. Miller is a Principal Consultant, member of Infosys - Data and Analytics (DNA)
group with concentrations in Data and Information Strategy, Data and Information
Governance, as well as Regulatory Compliance (GDPR, BCBS239, CCAR, KYC, AML, SOX,
etc.) for global customers.
Mr. Miller has over 30 years of business & IT experience in banking, securities and insurance
starting his career in IT and then moving on to consulting and teaching roles in enterprise
architecture (TOGAF), business intelligence and data governance. Mr. Miller holds an BBA &
4 Master degrees (MBA, MPM, MTM & MISM) as well as 2 years of doctoral work in Applied
Management and Decision Science.
Most notable, a DAMA-Chicago founding member October, 1986.
Infosys - The Next-generation Consulting & Systems Integration Company
Infosys helps enterprises create and execute strategies for their digital transformation. We help our clients find the right
problems to solve, and to solve these effectively. Our team of innovators, across the globe, is differentiated by the
imagination, knowledge and experience, across industries and technologies that we bring to every project we undertake.
Corporate People Learning Purpose
Founded in Pune, World’s largest corporate Use advances in technology

200,000+ employees globally
India in 1981 university to amplify human potential
135,000+ employees trained

~$11 billion in revenues 72,248 women employees $500 million innovation fund
in Design Thinking
Automation repurposed
17,435 engineers trained in 98.7% business
1,173 clients 11,000 people’s effort into
3+ programming languages is repeat business
more valuable tasks
15,000+ employees trained
Zero Bench for sustained 2% of avg. net profits over 3
Clients in over 50 countries in new technologies &
engagement of employees fiscals to Infosys Foundation
platforms
15,000 projects driven by
84 offices and 116 967 employees mentored in Award winning sustainable
employees innovating
development centers executive leadership delivery centers
through Zero Distance
© 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

6
3
June 20, 2018
Infosys Expertise in Privacy and Compliance
PRACTICE CONSULTANTS TALENT &

ALLIANCES CLIENTS
OFFERINGS COMPETENCY
• Expertise in GDPR, PCI • 20+ Strategic

CONSULTING SERVICES COMPLIANCE CONSULTANTS DSS, SOX, National Partnerships AMERICAS
Privacy Laws, GLBA,
SECURITY, RISK & COBIT, HIPAA, NERC • Strategic Alliances with
DATA & RISK
COMPLIANCE leading product
• Dedicated Security & companies – HP, IBM,
DATA PRIVACY & Compliance CoE with Informatica, Intel, CA,
GOVERNANCE & RISK
SECURITY focused GDPR Sub Vormetric… EUROPE
Practice
DATA GOVERNANCE • Access to product
IDENTITY MANAGEMENT • 50 + Accelerators,
Templates for GDPR updates and full range
APP & INFRA SECURITY Assessment of product suites

APP/DATA SECURITY ROW
• Solution Models and
Constructs for GDPR
INDEPENDENT TESTING SECURITY TESTING
implementation
Infosys has been positioned as a

Infosys has been positioned as a Infosys has been positioned as a
High Achiever in the 2017
Leader in the 2017 NelsonHall Leader in the 2017 NelsonHall
NelsonHall NEAT vendor evaluation
NEAT vendor evaluation for Big NEAT vendor evaluation for Digital
for Managed Security Services
Data & Analytics Testing
Partnership Ecosystem
Data
Discovery
Data Archival
& Information DPO
Life Cycle Dashboarding
Management
GDPR
Data
Data Security
Integration
Data Masking
4
June 20, 2018
Infosys’ own journey in safeguarding privacy of our clients, employees,

contractors and vendors… We practice what we recommend…..
Trusted Data
“Establishing trust in data is an essential requirement for businesses

and entities for whom credible, reliable information is the lifeblood.
As enterprises seek to manage data as an asset, it becomes increasingly vital
that data sources are trusted and verifiable.” – Randy Bean - Forbes *1
“Society as a whole can benefit from more reliable, distributed data and information.
In this era of fake news and state actor interference in elections, creating technology-driven trust offers the
potential to restore faith in our shared institutions”. David Shrier – MIT *2
*1&2 Forbes: “Getting to Trusted Data via AI, Machine Learning, and Blockchain”, by Randy Bean
https://www.forbes.com/sites/ciocentral/2018/06/17/getting-to-trusted-data-via-ai-machine-learning-and-blockchain/2/#1e3084623ee8
5
June 20, 2018
Three-Legged GDPR Stool - (Compliance Components for GDPR Success)
Trust
D
a
t
a
G
o
v.
Section II – What is GDPR (General Data Protection Regulation) (EU 2016/679)?

The Day the World Changed
Three-Legged GDPR Stool

Compliance Components
GDPR - Key Implications
Impact EU vs Global
Personal Data
What is GDPR?
GDPR Statistics
GDPR Scope
6
June 20, 2018
May 25, 2018

Directive 95/46/EC
GDPR
Now
Before GDPR Post GDPR
“Personal Data Earth Quake”

EU GDPR Deadline Date: May 25, 2018 - Time’s Up! You are late.
http://www.eugdpr.org/
7
June 20, 2018
GDPR turns data protection on its ear.
20,000,000 Fines (in Euro)

1,496 Paragraphs
1 Regulation
11 Chapters
173 Recitals
99 Articles
55,752 Words
88 Pages
3,872 Lines
The biggest change to data protection
laws in 20 years.
Name
EU GDPR Scope – 32 Countries Name
1 Austria 15 Italy
2 Belgium 16 Latvia
3 Bulgaria 17 Lithuania
4 Croatia 18 Luxembourg
5 Cyprus 19 Malta
6 Czech Republic 20 Netherlands
7 Denmark 21 Poland
8 Estonia 22 Portugal
9 Finland 23 Romania
10 France 24 Slovakia
11 Germany 25 Slovenia
12 Greece + 4 EFTA countries - 26 Spain
Iceland, Liechtenstein, Norway, and Switzerland
13 Hungary 27 Sweden
[forming the European Free Trade Association (EFTA)].
14 Ireland 28 United Kingdom
16
8
June 20, 2018
General Data Protection Regulation (GDPR) - People Involved
Data Subject
Data Owner
Data Processor
Data Protection Officer
Data Protection Authority
Third Parties
17
What is GDPR?
• On May 25th, 2018 Europe’s Data Protection Regulation (GDPR) laws went live. Companies doing
business in the European Union now need to comply with a new set of regulations designed to
protect the private data of a data subject of the European Union (EU) Europe’s residents. That is,
not just citizens, but any resident of the EU, whether an EU citizen or not.
• GDPR will require more explicit explanations of private data being collected, how it will be used,
and in many cases, the hiring of a DPO (Data Protection Officer) to oversee compliance.
• As a result, the cost of doing business in Europe is about to go up. It’ll cost more to come into
compliance with the new regulation and directives, and it’ll cost more to operate in Europe going
forward. It’s the strictest set of government privacy laws regulating data on the internet so far, and it’ll
be years before we understand its full effects as well as it spread beyond EU borders.
• Some companies are already feeling the burden. Some businesses are going out-of-business,
rather the pay the expenses incurred to comply to GDPR, some have closed as of May 24, 2018.
9
June 20, 2018
GDPR - Key Implications

 European Union’s GDPR replaces the DIRECTIVE 95/46/EC. There is a need for organizations to assess their current
environment and implement new ‘Data framework’ to be GDPR compliant before 25th May 2018.
 The regulation is applicable not only to the EU nations but also to all the Non-EU nations who process personal data
of EU residents or provide services to EU residents
Data controllers must

Fines up to 4% of notify most data
annual worldwide breaches without
turnover or €20 undue delay and,
million, whichever is where feasible, within
higher 72 hours of
awareness
Right to be forgotten International

– New rights for data Transfer of Data will
subjects be governed by GDPR
Need for enhanced

Explicit consent to be
security and
provided by data
Governance - DPO
subjects before data
(Data Protection
processing
Officer)

1
Trust
D
a
t
a
G
o
v.
10
June 20, 2018
GDPR Personal Data Data & Data Governance
PD = Personal Data
Security Privacy
PD
Data
Governance
Section III – Role of Data Governance in GDPR

Data Security & Data Privacy
Effective Data Governance

Data Asset/Data Liability
Data Governance Structure

GDPR & DMBOK Wheel
Data Governance
DMBOK Wheel
22
11
June 20, 2018
Just having Data Security & Data Privacy,

does not ensure your data is GDPR compliant.
Security minds the safe.

Privacy minds the combination.
Data
Who’s minding the Data?
Data has to be governed, managed & maintained to determine its value as

a corporate data asset or liability, and to identify its compliance risk.
Security minds the safe.

Privacy minds the combination.
Data
Who’s minding the Data?

Data Governance
minds the data.
12
June 20, 2018
Data Governance & DMBOK Wheel
DAMA DMBOK (Data Management Body of Knowledge II) 2013

25
GDPR Personal Data Data Governance
PD
PD PD
PD PD PD
PD PD
PD PD
PD
Modified version of DAMA DMBOK (Data Management Body of Knowledge II) 2013
26
13
June 20, 2018
Data Governance Structure
27
GDPR Personal Data Data Governance Structure
G
D
P
R
P
D
28
14
June 20, 2018
Effective Data Governance
29
GDPR PD Effective Data Governance
GDPR – Personal Data
30
15
June 20, 2018
Section IV - Is my organization affected? How should I prepare?
Data Gov. Activities

Key Benefits
Focus Areas
Framework
Game Plan
Architecture
Budget
Key Focus Areas
https://www.infosys.com/gdpr/
16
June 20, 2018
GDPR Budget
“The average annual budget for SEVEN AREAS FOR GDPR BUDGET TOTAL
compliance with GDPR is $13 • Technologies 17%

million.
• Personnel 19%
•Thirty-three percent of
• Consultants 10%
respondents believe the budget
for GDPR will be renewed • Managed services 28%
annually and 22 percent of
• Outside lawyers 9%
respondents say the budget will
continue indefinitely.” • Training 7%
• Business Process Engineering 10%

Source: McDermott Will & Emery LLP and Ponemon Institute LLC | Research
Report 2018
100%
33
Data Governance - Key Benefits to GDPR Compliance
34
17
June 20, 2018
Infosys Business Reference Architecture for GDPR
Information
Customer Interaction Services Data Portability Services Governance
Customer Data Collection , Generation
Customer Data Modification Customer Meta Customer Data

Customer Consent
and processing Applications
Information Service Service Model Exchange Data Standards
Strategy & Policy

Enterprise Capabilities
Metadata Data Quality Sensitive Data Discovery Customer/Consent Information Life
Management Management & Classification Hub Cycle Management Organization
Structure
Data Integration
DPO Dashboard &
Reporting
Authentication & Data Pseudonymization / Data Usage

Encryption Data / Compliance
Authorization Masking Auditing & Analysis
Application Reporting
Security
Security Testing
System Security
Communication Auditing & Breach Identification & Infrastructure
Security Monitoring Notification
Security
Infosys Framework for GDPR | ADAM

Organizational Assessment Data Governance Reporting and Data Security, Privacy,
and Data Management and Change Management Communication Accuracy and Storage
Overall Game Plan
Assess Define & Design Administer & Implement Monitor & Secure
Assess, Envision and Roadmap Architect, Validate and Design Build, Test and Integrate Stabilize and Improve
Develop Revised Architecture and IT
GDPR Compliance Assessment Build Data Management Framework Roadmap Realization
Infrastructure Plan
Gap Analysis Processes Design Supervision & Remedial Actions

Governance framework, Architecture, Personal Data Maximize automation in personal data Re-Alignment of Operations Periodic Review of Principles Within and Outside
Life Cycle collection/aggregation/reporting Jurisdiction
Evaluate process and technology Refine Personal Data Reporting Testing under Normal and
GDPR Strategy Realization
landscape Complete, Accurate, Adaptable, Timely Stress/Crisis Situation
Roadmap Strategy Program Governance Plan Refine

Transition from As-Is to To-Be GDPR Compliant Plan to establish DPO Organization
Architecture, IT Infrastructure, Data Aggregation & Commission/ Decommission
Reporting Processes
Deliverables, Accelerators, Templates
18
June 20, 2018
Overall Game Plan for GDPR Program

Evaluate process and Gap Analysis
Assess
technology landscape GDPR Compliance Assessment Governance framework, Roadmap Strategy

Data Discovery, Profiling, Understanding the as-is process & policies and Architecture, Personal Data Transition from As-Is to To-Be
Classification assess wr.r.t GDPR requirements Life Cycle GDPR Compliant
Define, Design
& Implement
Architect Data
Re-Alignment of Management Processes Design
Operations Governance Model Framework Maximize automation in Develop
Based on implemented Plan to establish DPO Compliant, Adaptable, personal data collection / Revised Architecture and
changes Organization Optimized aggregation / reporting IT Infrastructure Plan
Change Record of
Breach Monitoring
Monitor &
Management Processing
Secure
Keeping a constant Supervision &

Testing Documenting and
vigilance on any & DPIA
Under Normal and
suspicious activities that Remedial Actions conducting awareness
Stress/Crisis Situation Periodic Review session on changes Maintain a record of every
might result into data processing activity and
breach implemented for
employees conduct regular audit
3
7
GDPR Data Governance Activities in the ‘3rd Leg of the stool’

Data Governance Practices on Personal Data
DPO Data Protection
Data Ownership Data policy
establishment
Change
Policy Definition Data Standardization Data Extraction Access Management Management
GDPR
Assessment and
Gap Analysis Data
Discovery Data Classification Data Retention Consent Management
Process
Assessment and
Definition Data Catalogue Data Minimization Breach and Incident Management
Training and
awareness
Audits Data Profiling Data Quality DPO Dash-boarding
19
June 20, 2018
Section 5 - Future of Data Governance and

Data Protection Regulations
Federated Data Gov.

D.G. Areas of Concern
Internet of Things
More Regulations
Digital Business
GDPR Myopia
Key Benefits
39
Data Protection Regulation Myopia
• Data Protection Regulation Myopia, aka. GDPR nearsightedness, as it is defined by me, is a vision
condition in which people can see close data protection regulations (e.g. GDPR General Data
Protection Regulation) clearly, but other data protection regulations appear farther away and appear
blurred. People suffering with GDPR Data Protection Regulation myopia can have difficulty clearly
seeing all the other data protection regulations on the horizon or across the entire globe.
‘Your data governance vision needs to look at the bigger picture & a much longer time horizon.’
• GDPR Myopia occurs if a person or company stares too long at the GDPR (88 page) regulation and
does not see other data protection regulations in a much broader scope of vision. As a result, the
person or company’s data protection vision isn't focused correctly, and distant regulation compliance
looks blurred. This can result in severe data protection compliance risk, which is both potentially
hazardous to your financial health as well as your company’s compliance reputation.
40
20
June 20, 2018
Data Protection is coming to India
https://inc42.com/features/justice-srikrishna-committee-to-finally-table-data-protection-bill-report-but-its-only-half-the-battle-won/
41
Digital Data Governance
• Digital Business is data business, as

there can be no digital business
without digital data
• And that digital data requires digital
data security, digital data privacy, &
digital data governance for digital
data compliance.
‘Accelerating Digitalization through next-generation integration’

https://www.infosys.com/digital/insights/Documents/digitization-next-generation-integration.pdf
42
21
June 20, 2018
Internet of Things (IoT) and IoT Data Governance

“The Internet of Things will drive the Digital Transformation of Industry
• The IoT links the physical and digital worlds. The massive amounts of data that instrumented devices
collect provide businesses the opportunity to learn about the environment in which they operate,
gleaning insights that can be turned into actions. These insights can help formulate new delivery
models and fundamentally change how a business operates.
Unfortunately, 90 percent of data created in the IoT is never captured, studied or utilized.
Furthermore, up to 60 percent of that data almost immediately loses its value. So, most of the data is
never turned into insights. And that is where the true potential of the IoT lies. It’s not just the devices
that generate valuable data, but also the intelligence that is built to consume that data, analyze it and
generate actionable insights.”
• IoT Data Governance will be necessary to fully exploit the IoT (Internet of Things).
“The Internet of Things Will Drive the Digital Transformation of Industry”

By Guido Bartels
https://www.huffingtonpost.com/guido-bartels/internet-of-things-digital_b_8472410.html
43
GDPR Data Governance & Blockchain
“The biggest issues surrounding the use of personal data today come from not
knowing where this data is stored, who is looking at it, or what is being
done with this information. …General Data Protection Regulation (GDPR),
begins to address these issues, there is still a need to provide technology
infrastructure that will enable trusted data sharing. Blockchain approaches,
…, provide a path to a trusted data framework which can ensure:
• more secure personal information
• better access to data through a personal data store
• an unchangeable audit trail of who’s done what with personal information.”
Forbes: “Getting to Trusted Data via AI, Machine Learning, and Blockchain”, by Randy Bean
https://www.forbes.com/sites/ciocentral/2018/06/17/getting-to-trusted-data-via-ai-machine-learning-and-blockchain/2/#1e3084623ee8
44
22
June 20, 2018
Data Governance & Data Ethics

“According to breachlevelindex.com nearly 5 million
data records are lost or stolen every day - roughly 60
records per second.”
Data Ethics – The New Data Governance Challenge –
May 2, 2018 / by Dave Wells / in Data Management
https://www.eckerson.com/articles/data-ethics-the-new-data-governance-challenge
Data Governance will need to lead in the development of a whole new set Personal Data Privacy and
Protection Principles, Guidelines, Policies, and Procedures for
- who uses personal data,
- for what purpose,
- when data is used,
- where data is used,
- how data is used,
- why data is used and
- when data should be disposed of.
This will be necessary In order to promote the appropriate behavior of all parties with respect to the use
of data as a corporate asset and to ensure the data does not become a corporate liability.
45
GDPR – Data Governance Areas to Focus On
PD
PD PD
PD PD
PD
4 Areas of Focus
This is where the PD PD
data costs occur,
and this is where
the data benefits PD PD
lie.
PD
46
23
June 20, 2018
Infosys & MongoDB – A Strategic Relationship
47
More Data Protection Regulations and More Data Governance

May require Federated Data Governance
[Different sets of data governance per Data Protection Regulation(s) set.]
Global Data Governance
Region 1 Data Governance (ex. EU) Region 3 Data Governance
Region 2
Country 2 Data Governance Country 5
48
Etc.
Country 1 Country 3… Country 4 Country 6 Country 7
24
June 20, 2018
Section 6 - Summary & Questions

GDPR - 3 Legged Stool
More Information
Key Action Items
Key Focus Areas
Questions
49
Trust
D
a
t
a
G
o
v.
25
June 20, 2018
51
‘GDPR - Now’ -- Key Action Items
https://www.infosys.com/gdpr/
52
26
June 20, 2018
For more information…

• Infosys GDPR – Be Ready with Infosys
https://www.infosys.com/gdpr/Cached
• The GDPR deadline is closing In - Are you ready? - Infosys

https://www.infosys.com/gdpr/Documents/GDPR-deadline-closing.pdf
• Official Journal of the European Union L119 Legislation Volume 59 4 May 2016
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation)
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ%3AL%3A2016%3A119%3ATOC
• Business and Dynamic Change: The Arrival of Business Architecture – June 3, 2015
by Frank F. Kowalski and Gil Laware – Editors
Chapter 1 ‘Business Architecture – Information Necessity’ - Michael G. Miller author
https://www.amazon.com/Business-Dynamic-Change-Arrival-Architecture/dp/0986321427/ref=sr_1_3?s=books&ie=UTF8&qid=1528908155&sr=1-
3&keywords=Business+and+Dynamic+Change&dpID=51q7jWeUTcL&preST=_SY291_BO1,204,203,200_QL40_&dpSrc=srch
53
MIT Trust Data Initiative - for more information

• Developing privacy-preserving identity systems and safe distributed computation, enabling an
Internet of Trusted Data
MIT – Connection Science establishing cultural intelligence through technology
– https://www.trust.mit.edu/
• Towards a Design Philosophy for Interoperable Blockchain Systems
Thomas Hardjono Alexander Lipton Alex \Sandy" Pentland
MIT Connection Science
Massachusetts Institute of Technology
Cambridge, MA, May 16, 2018
– https://arxiv.org/pdf/1805.05934.pdf?
54
27
June 20, 2018
Infosys GDPR Link
Questions?
T h a n k Y o u

GDPR - Now
By Michael G. Miller - michael.miller@infosys.com
Infosys - Data and Analytics (DNA) - Principal Consultant
© 2018 Infosys Limited, Bengaluru, India. All Rights Reserved. Infosys believes the information in this document is accurate as of its publication date; such
information is subject to change without notice. Infosys acknowledges the proprietary rights of other companies to the trademarks, product names and
such other intellectual property rights mentioned in this document. Except as expressly permitted, neither this documentation nor any part of it may be
reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, printing, photocopying, recording or
otherwise, without the prior permission of Infosys Limited and/ or any named intellectual property rights holders under this document.
Thank You

GDPR - Now
By Michael G. Miller -
michael.miller@infosys.com
Infosys - Data and Analytics (DNA) –
Principal Consultant
56
28

GDPR-Now Data Governance in A New World DAMA Chgo

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

GDPR-Now Data Governance in A New World DAMA Chgo

Uploaded by

Copyright:

Available Formats

June 20, 2018

DAMA-Chicago June 20, 2017

What a difference 364 days make…

On June 21, 2017, I asked the DAMA -

Europe's GDPR outranks Beyonce on

is trending higher in Google Search volume

1:15 I. Introduction 1:45 IV. Is my organization affected?

II. What is GDPR (General Data V. Future of Data Governance &

3 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

4 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

Most notable, a DAMA-Chicago founding member October, 1986.

5 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

Infosys - The Next-generation Consulting & Systems Integration Company

Corporate People Learning Purpose

Founded in Pune, World’s largest corporate Use advances in technology

135,000+ employees trained

© 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

Infosys Expertise in Privacy and Compliance

PRACTICE CONSULTANTS TALENT &

• Expertise in GDPR, PCI • 20+ Strategic

APP & INFRA SECURITY Assessment of product suites

Infosys has been positioned as a

© 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

8 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

Infosys’ own journey in safeguarding privacy of our clients, employees,

9 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

“Establishing trust in data is an essential requirement for businesses

10 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

Three-Legged GDPR Stool - (Compliance Components for GDPR Success)

Section II – What is GDPR (General Data Protection Regulation) (EU 2016/679)?

Three-Legged GDPR Stool

12 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

May 25, 2018

Before GDPR Post GDPR

“Personal Data Earth Quake”

14 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

GDPR turns data protection on its ear.

20,000,000 Fines (in Euro)

15 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

General Data Protection Regulation (GDPR) - People Involved

Data Protection Officer

Data Protection Authority

18 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

GDPR - Key Implications

Data controllers must

Right to be forgotten International

Need for enhanced

© 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

Three-Legged GDPR Stool - (Compliance Components for GDPR Success)

GDPR Personal Data Data & Data Governance

21 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

Section III – Role of Data Governance in GDPR

Effective Data Governance

Data Governance Structure

Just having Data Security & Data Privacy,

Security minds the safe.

Who’s minding the Data?

23 © 2018 Infosys Limited, Bengaluru, India. All Rights Reserved

Data has to be governed, managed & maintained to determine its value as

Security minds the safe.

Who’s minding the Data?

Data Governance & DMBOK Wheel

DAMA DMBOK (Data Management Body of Knowledge II) 2013