35
Alain Cieslik Importance of the Data Management process in setting up the GDPR within a company CREOBIS 1
AlainCieslikAlainCieslik
ImportanceoftheDataManagementprocessinsettinguptheGDPRwithinacompany
CREOBIS
1
AlainCieslikAlainCieslik
PersonalDataistheoilofthedigitalworld
2
AlainCieslik
Personalinformationcomesindifferentforms&media.
3
AlainCieslik
Personalinformationcomesindifferentforms&media.
4
PersonalData
Non-Structured
Excel/Word/PowerpointPicture/Video/Sound
PaperEmail/Chat
SocialNetworkSearchEngineWebpage
Semi-structured
XML
JSON
NOSQL
Structured Database
AlainCieslik
ITEcosystemforpersonaldata
DataCenterApplications
Databases
Fileservers
Mainframes
Datawarehouse
Cloud
IaaS
Paas
SaaS
BigData
DataLake
NoSql
Hadoop
5
AlainCieslik
ITEcosystemforpersonaldata:Filesystems
6
Documents
AlainCieslik
ITEcosystemforpersonaldata:Databases
7
Art25.DataProtection
bydesign
Privacybydesign
Art32.Securityofprocessing
AlainCieslik
ITEcosystemforpersonaldata:ModernDatawarehouse
8
https://www.slideshare.net/jamserra/building-an-effectivedatawarehousearchitecturewithhadoop
AlainCieslik
ManagePersonalDatalifecycle
9
https://www.i-scoop.eu/information-management/
AlainCieslik
Personalinformationcomesinalotofdifferentforms&media.
ITEcosystemforpersonaldataiscomplex
ManagePersonalDatalifecycle
10
AlainCieslikAlainCieslik
DataManagementOverview
11
http://dama-phoenix.org/wp-content/uploads/2015/09/DAMA-Phoenix-DMBOK2.pdf
AlainCieslik
DataManagementOverview
GuidingPrinciples1.Dataandinformationarevaluableenterpriseassets.
2.Managedataandinformationcarefully, likeanyotherasset,byensuringadequatequality,security,integrity,protection,availability,understanding,andeffectiveuse.
3.Shareresponsibility fordatamanagementbetween businessdatastewards (trusteesofdataassets)anddatamanagementprofessionals (expertcustodiansofdataassets).
4.DatamanagementisabusinessKnowledgeArea andasetofrelateddisciplines.
5.DatamanagementisalsoanemergingandmaturingprofessionwiththeITfield.
12
AlainCieslik
DataManagementOverviewKnowledgeAreas(KAs)
1.DataGovernance
2.DataArchitecture
3.DataModelingandDesign
4.DataStorageandOperations
5.DataSecurity
6.ReferenceandMasterData
7.DataWarehousingandBusinessIntelligence
8.DataIntegrationandInteroperability
9.DocumentsandContent
10.Metadata
11.DataQuality
13
AlainCieslik
DataManagementOverview
14
GeneralContextDiagram
Definition – WhatistheKnowledgeArea?
Goals – WhatdoestheKnowledgeAreaaccomplish?
WhydoestheKnowledgeAreaexist?
Activities – WhataretheKnowledgeArea’stasksthataccomplishthegoals?
Inputs – WhatdotheKnowledgeArea’stasksuse?
Suppliers – WhoprovidestheinputstotheKnowledgeArea’stasks?
Responsible – WhoisperformstheKnowledgeArea?
Tools – WhattoolsdotheKnowledgeArea’stasksuse?
Deliverables – WhatdoestheKnowledgeAreadeliver?
Consumers – Whousestheprimarydeliverables?
Stakeholders – WhohasaninterestintheKnowledgeArea’ssuccess?
Metrics – WhatisusedtomeasuretheKnowledgeArea’ssuccess?
AlainCieslikAlainCieslik15
AlainCieslikAlainCieslik
Art5.Principlesrelatingtoprocessingofpersonaldata
16
AlainCieslik
Art5.Principlesrelatingtoprocessingofpersonaldata
Lawfulness,fairnessandtransparency
Purposelimitation
Dataminimisation
Accuracy
Storagelimitation
Integrity&confidentiality
Accountability
17
AlainCieslik
Art5.Principlesrelatingtoprocessingofpersonaldata
Principles Governance Quality Metadata Security
lawfulness,fairnessandtransparency
purposelimitation
dataminimisation
accuracy
storagelimitation
integrityandconfidentiality
18
AlainCieslikAlainCieslik
DMBOK2- KeyAreas
19
AlainCieslik
DMBOK2KeyAreas– DataGovernance1.DataGovernancePlanning,supervisionandcontroloverdatamanagementanduse.
DataGovernanceandStewardship
20
Goals Activities
1.Define,approve,communicate,andimplementprinciples,policies,procedures,metrics,tools,andresponsibilitiesfordatamanagement.2.Trackandenforcecompliancetoregulatoryandinternaldatapolicies.3.Monitorandguidedatausageandmanagementactivities.
1.DefineDataGovernancefortheorganization2.DefinetheOperatingFramework3.Createandimplementdataprinciplesandpolicies4.Defineroles5.Implementandsustain
AlainCieslik
DMBOK2KeyAreas– DataGovernance1.DataGovernancePlanning,supervisionandcontroloverdatamanagementanduse.
GoalsofBusinessCulturalDevelopment
21
Goals Activities
1.Todefineadata-centricorganization2.Tounderstandhowbusinessculturedevelopmentsupportsdatagovernance3.Todefinechangemanagementactivitiesthatcansupportdatamanagementandbusinessculturealignment4.Tohighlighttheneedforcommunicationandtrainingindatamanagementactivities
1.Createadata-centricorganization2.Developorganizationaltouchpoints3.Developdata-centricculturecontrols
AlainCieslik
DMBOK2KeyAreas– DataGovernance1.DataGovernancePlanning,supervisionandcontroloverdatamanagementanduse.
DataintheCloud
22
Goals Activities
1.Define,contract,implement,andmonitorcloudbaseddatamanagementareasofprograms.2.Defineimplement/contract,monitorandreportSLAsoninternalandexternaldatastores.
1.Assessorganizationalreadiness2.Definecloudandoutsourcingrequirementsfortheorganization3.Defineandexecutecontractingrequirements4.Selectandexecutecloudinfrastructurevendorenvironment5.DevelopsecurityrulesandETL/capturedatachange(CDC)code6.Operationalizeclouddataactivities7.Reportonservicemonitoring
AlainCieslik
DMBOK2KeyAreas– DataGovernance1.DataGovernancePlanning,supervisionandcontroloverdatamanagementanduse.
DataHandlingEthics
23
Goals Activities
1.ReviewData-HandlingPractices2.DeveloptheEthicalDataHandlingStrategy3.CommunicateandEducateStaff4.AddressPracticesGaps5.MonitorandMaintainAlignment
1.ReviewData-HandlingPractices2.DeveloptheEthicalDataHandlingStrategy3.CommunicateandEducateStaff4.AddressPracticesGaps5.MonitorandMaintainAlignment
AlainCieslik
DMBOK2KeyAreas– DataGovernance5.DataSecurityDefinition,planning,development,andexecutionofsecuritypoliciesandprocedurestoprovideproperauthentication,authorization,access,andauditingofdataandinformationassets.
24
Goals Activities
1.Enableappropriate,andpreventinappropriate,accesstoenterprisedataassets.2.Understandandcomplywithallrelevantregulationsandpoliciesforprivacy,protection,andconfidentiality.3.Ensurethattheprivacyandconfidentialityneedsofallstakeholdersareenforcedandaudited.
1.IdentifyRelevantDataSecurityRequirements2.DefineDataSecurityPolicy3.DefineDataSecurityStandards4.AssessCurrentSecurityRisks5.ImplementDataSecurityControlsandProcedures
AlainCieslik
DMBOK2KeyAreas– DataGovernance10.MetadataPlanning,Implementation,andcontrolactivitiestoenableaccesstohighquality,integratedmetadata
25
Goals Activities
1.Provideorganizationalunderstandingofbusinesstermsandusage2.Collectandintegratemetadatafromdiversesources3.Providestandardwaytoaccessthemetadata4.Ensuremetadataqualityandsecurity
1.DefinetheMetadataStrategy2.UnderstandMetadataRequirements3.DefineMetadataArchitecture4.CreateMetaModel5.ApplyMetadataStandards6.ManageMetadataStores7.CreateandMaintainMetadata8.IntegrateMetadata9.DistributeandDeliverMetadata10.Query,ReportandAnalyzeMetadata
AlainCieslik
DMBOK2KeyAreas– DataGovernance11.DataQualityTheplanning,implementation,andcontrolactivitiesthatapplyqualitymanagementtechniquestodata,inordertoassureitisfitforconsumptionandbusinesspurpose(s).
26
Goals Activities
1.Developagovernedapproachtomeasurablyimprovethequalityofdataaccordingtodefinedbusinessrules.2.Definerequirementsandspecificationsforintegratingdataqualitycontrolintothesystemdevelopmentlifecycle.3.Defineandimplementprocessesformeasuring,monitoring,andreportingconformancetoacceptablelevelsofdataquality.
1.CreateaDataQualityCulture2.PerformPreliminaryDataQualityAssessment3. DefineDataQualityRequirements4.AssessDataQuality5.DevelopandDeployDataQualityOperations6.MeasureandMonitorDataQuality
AlainCieslik
Phase1Acquiredatacapabilities
DMBOK2KeyAreas– DataGovernance
27
DataSecurity DataStorage&Operations
DataModelingandDesign
Dataintegration&interoperability
Phase2Improvedataquality
DataArchitecture DataQuality Metadata
Phase3Setupdatagovernance
DataGovernance
DataWarehousing
Documents&Contents
Reference&MasterData
Phase4Advancedanalyticcapabilities
DataMining DataAnalytics BigData
DMBook 2.0:PurchaseorBuiltdatabasecapability
AlainCieslikAlainCieslik
SummaryofGDPRandInformationGovernance
28
https://castlebridge.ie/blog/2016/01/26/our-most-requested-slide-2014-2015
AlainCieslik
SummaryofGDPRandInformationGovernance
29
Extraterritoriality
Finesas%ofGlobalturnover
Mitigatingfactors
IncreasedPenalties
Coreprinciples1. lawfulness,fairnessandtransparency2. purposelimitation3. dataminimisation4. accuracy5. storagelimitation6. integrityandconfidentiality7.accountability
Risk&PenaltiesMitigation Riskbasedapproachtodataprotection Principle
driven
DataManagement
https://castlebridge.ie/blog/2016/01/26/our-most-requested-slide-2014-2015
AlainCieslik
SummaryofGDPRandInformationGovernance
30
Respectprivacy
AlainCieslik
SummaryofGDPRandInformationGovernance
31
Coreprinciples1. lawfulness,fairnessandtransparency2. purposelimitation3. dataminimisation4. accuracy5. storagelimitation6. integrityandconfidentiality7.accountability
DataManagement
Dataprotectionofficer
Documentation
Evidenceofeffectiveness
Privacybydesign
Oversee&Govern
Plan&Build
Do&Manage
Engage&Respond
https://castlebridge.ie/blog/2016/01/26/our-most-requested-slide-2014-2015
Respectprivacy
AlainCieslik
SummaryofGDPRandInformationGovernance
32
Extraterritoriality
Finesas%ofGlobalturnover
Mitigatingfactors
IncreasedPenalties
Coreprinciples1. lawfulness, fairnessandtransparency2. purpose limitation3. dataminimisation4. accuracy5. storagelimitation6. integrityandconfidentiality7.accountability
Risk&PenaltiesMitigation Riskbasedapproachtodataprotection Principle
driven
ExplicitfocusonData
Management
Dataprotectionofficer
Documentation
Evidenceofeffectiveness
Privacybydesign
Oversee&Govern
Plan&Build
Do&Manage
Engage&Respond
Respectprivacy
AlainCieslik
Inconclusion…
33
Ø Dataisacompanyassetthatneedtobemanaged
Ø Donotunderestimatethecomplexityofmanagingdata…Ø AlotofdifferenttypeofformatandmediaØ AcomplexecosystemØ Thechallengeofmanagingthefulldatalifecycle
Ø DataManagementFrameworkscanhelpyouinthisjourney
Ø DataManagementrequiresanentrepriseperspective
Ø GDPRisafantasticopportunitytoimprovethedatamanagementinyourcompany
AlainCieslik
Referenceso http://dama-phoenix.org/wp-content/uploads/2015/09/DAMA-Phoenix-DMBOK2.pdf
o https://castlebridge.ie/blog/2016/01/26/our-most-requested-slide-2014-2015
o https://www.slideshare.net/jamserra/building-an-effectivedatawarehousearchitecturewithhadoop
o https://www.i-scoop.eu/information-management/
o https://www.slideshare.net/DamaIreland/dama-ireland-gdpr?qid=8482d85b-37de-48c4-8637-dc38047f3496&v=&b=&from_search=12
35
