The Foundation for GDPR Compliance and PI/PII Protection: Understand Where Data Resides and Who Processes It
- LANGUAGE: English DATE: Tuesday, April 02, 2019 TIME: 4:00pm CEST, 10:00am EDT, 7:00am PDT
The EU GDPR requires covered organizations to be able to account for and document how personal data is collected, processed and shared. What many companies often fail to realize is that this data is not only stored in specialized and appropriately secured silos such as databases. In fact, the vast majority of their business information is in unstructured and semi-structured formats, distributed across multiple systems an services. Without consistent visibility into whose data is processed across these environments, organizations cannot adequately account for how personal data is processed - as well as lose the context they need to identify security and compliance issues such as excessive privileges. To both address the compliance need for accountability and the security need for visibility, a new approach to data understanding is needed.
Records of Processing Activity (RoPAs or GDPR Article 30) documentation of data flows is a key compliance requirement. The challenge that many organizations face is that their current approach based on surveying stakeholders is time-consuming, manual and impressionistic at best. Because the output is also divorced from the data, enterprises that are required to produce documentation for regulators and auditors are constantly playing catch up - and cannot transition to a 'continuous compliance' model as prescribed under the EU GDPR.
By contrast, a data-driven approach can automate the building and maintenance of processing activity reports based on machine insights that incorporate human input, ensuring record keeping accuracy while simplifying collaborative business context augmentation. This approach offers benefits in terms of automation, but also provides a path to privacy assurance - and a systematic approach to the GDPR principle of accountability for both internal stakeholders as well as auditors and regulators.
Join this webinar to learn more about:
- Why RoPAs are critical to compliance
- How to better automate the process through integration of business stakeholder input and data-driven insights
- Detecting unstructured data in your IT systems and identifying data owners
- Application of uniform governance guidelines in heterogeneous IT landscapes
- Automate security and compliance controls to ensure real-time problem resolution
In the first part of the webinar, Martin Kuppinger, Founder and Principal Analyst at KuppingerCole, will talk about the need for getting a grip on PI/PII, beyond GDPR. Data Governance and Continuous Compliance must become an integral element of the IT Risk Management and IT Security Architecture.
In the second part, Nimrod Vax, Chief Product Officer at BigID, will speak about the capabilities to automate data processing reports, how they fit into a continuous compliance model with services and technology partners, and the concept or privacy assurance.
BigID aims to transform how enterprise protect and manage the privacy of personal data. Organizations are facing record breaches of personal information and proliferating global privacy regulations like the EU GDPR with fines reaching 4% of annual revenue.
Today enterprises lack dedicated purpose built technology to help them track and govern their customer data at scale. By bringing data science to data privacy, BigID aims to give enterprises the software to safeguard and steward the most important asset organizations manage: their customer data.
While businesses race ahead with digital transformation, security and identity management are often being left behind. The complexity of modern organizations of all sizes has undermined the traditional concepts of privileged access management (PAM) and privileged account usage. Help desks and IT security teams are often too busy and understaffed to be able to give PAM the attention it deserves.
Come to the place where the Digital Transformation is happening. The European Identity & Cloud Conference, held from May 12-15, 2020, offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. More than 800 thought leaders, leading vendors, analysts, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.
Attend this KC Master Class to learn how to protect privileged accounts of your company. Based on many years of experience, KuppingerCole Analysts will deliver practical knowledge on password management and automatic rotation, enforcement of the least privilege principle, vulnerability identification, risk management, central analysis, session management and monitoring, and efficient, comprehensive auditing. In four chapters, you will receive a multi-channel training including interactive online sessions, up-to-date research documents and an all-day workshop with final exam at the European Identity & Cloud Conference 2020 in Munich, Germany. Step-by-step KuppingerCole Analysts will turn you into a PAM Master that meets and exceeds privileged access management challenges of the 2020s!