The Foundation for GDPR Compliance and PI/PII Protection: Understand Where Data Resides and Who Processes It
- LANGUAGE: English DATE: Tuesday, April 02, 2019 TIME: 4:00pm CEST, 10:00am EDT, 7:00am PDT
The EU GDPR requires covered organizations to be able to account for and document how personal data is collected, processed and shared. What many companies often fail to realize is that this data is not only stored in specialized and appropriately secured silos such as databases. In fact, the vast majority of their business information is in unstructured and semi-structured formats, distributed across multiple systems an services. Without consistent visibility into whose data is processed across these environments, organizations cannot adequately account for how personal data is processed - as well as lose the context they need to identify security and compliance issues such as excessive privileges. To both address the compliance need for accountability and the security need for visibility, a new approach to data understanding is needed.
Records of Processing Activity (RoPAs or GDPR Article 30) documentation of data flows is a key compliance requirement. The challenge that many organizations face is that their current approach based on surveying stakeholders is time-consuming, manual and impressionistic at best. Because the output is also divorced from the data, enterprises that are required to produce documentation for regulators and auditors are constantly playing catch up - and cannot transition to a 'continuous compliance' model as prescribed under the EU GDPR.
By contrast, a data-driven approach can automate the building and maintenance of processing activity reports based on machine insights that incorporate human input, ensuring record keeping accuracy while simplifying collaborative business context augmentation. This approach offers benefits in terms of automation, but also provides a path to privacy assurance - and a systematic approach to the GDPR principle of accountability for both internal stakeholders as well as auditors and regulators.
Join this webinar to learn more about:
- Why RoPAs are critical to compliance
- How to better automate the process through integration of business stakeholder input and data-driven insights
- Detecting unstructured data in your IT systems and identifying data owners
- Application of uniform governance guidelines in heterogeneous IT landscapes
- Automate security and compliance controls to ensure real-time problem resolution
In the first part of the webinar, Martin Kuppinger, Founder and Principal Analyst at KuppingerCole, will talk about the need for getting a grip on PI/PII, beyond GDPR. Data Governance and Continuous Compliance must become an integral element of the IT Risk Management and IT Security Architecture.
In the second part, Nimrod Vax, Chief Product Officer at BigID, will speak about the capabilities to automate data processing reports, how they fit into a continuous compliance model with services and technology partners, and the concept or privacy assurance.
BigID aims to transform how enterprise protect and manage the privacy of personal data. Organizations are facing record breaches of personal information and proliferating global privacy regulations like the EU GDPR with fines reaching 4% of annual revenue.
Today enterprises lack dedicated purpose built technology to help them track and govern their customer data at scale. By bringing data science to data privacy, BigID aims to give enterprises the software to safeguard and steward the most important asset organizations manage: their customer data.
Cloud computing and mobile workforces have resulted in an expanding attack surface and a complex web of identify information. This means that traditional perimeter-based security models are no longer effective. A Zero Trust model of strict access control for every user and device enables businesses to be connected and secure, but an effective identity-focused approach is essential.