CCPA and GDPR Three Day Self or Acquired Training, July 2019

1. Three days of training in GDPR and CCPA compliance and the architecture and methodologies to achieve it.
- Steven Meister
BDR BIG DATA REVEALED
© 2019 Hadooprevealed Inc. DBA BigDataRevealed All rights reserved
2. Table of Contents

1. Three days of training in GDPR and CCPA compliance and the architecture and methodologies to achieve it.
2. Table of Contents
3. The current state of data privacy
4. Common steps performed by all companies to become GDPR / CCPA compliant
5. Common steps performed by all companies to become GDPR / CCPA compliant (cont.)
6. Remediation and Encryption
7. The Consent Screen
8. Companies with high volumes of customer data as part of their daily business process
9. Companies with high volumes of customer data as part of their daily business process (cont.)
10. About Us
11. Contact Us
3. The current state of data privacy

1. Because companies have not done an adequate job of ensuring data privacy, regulators have become involved.
2. GDPR and CCPA are the most recent renditions of what you will be expected to adopt.
3. Many companies find adoption difficult because the data they are required to protect is buried in a myriad of systems strewn across platforms, many of which they don't control.
4. Quickly discovering the resting position of this data and proving active protection of it is mandated by regulators and should be treated as a cost of doing business.
5. If you don't have a comprehensive approach to data privacy that includes data isolation, encryption and rapid remediation, you are at risk of appearing as one of those who suffered from consumer data theft.
6. Companies suffering from data theft add insult to injury with fines from regulators, a reduced ability to wield consumer data and reduced valuation in the capital markets.
4. Common steps performed by all companies to become GDPR / CCPA compliant

1. Compliance begins with a Data Protection Impact Assessment (DPIA). Under GDPR Article 35 a DPIA assesses the risks of a processing activity; in the BDR methodology it also identifies personal data within your data ecosystem that has not been encrypted or otherwise protected. BDR creates and stores the DPIA and all results in comprehensive, collaborative open metadata catalogs.
2. Create a central data repository that accepts data from all production applications, or read your JDBC data into Spark ecosystem memory for processing, so that production systems are not degraded.
   a) This allows a compliance application to process data offline from production systems so that their response time is not degraded during discovery processes.
   b) Hadoop is an ideal central repository because it accepts massive amounts of data from almost any source: Spark in-memory, mainframes, Oracle, Teradata, SQL Server, IoT, biometric and social media. Note that this central copy concentrates personal data in one place and must be access-controlled and encrypted at least as strictly as the source systems.
   c) Technical staff only need to understand the results of the discovery process. They don't need platform skills, such as SQL, to be successful.
3. The concepts learned and the intelligence gathered in the Big Data (Hadoop) environment can be leveraged for future projects.
4. Discovery of the infamous "cross-file indirect identifiers": fields such as postcode, date of birth or device ID that identify nobody on their own but, joined across files, single out a person.
5. Common steps performed by all companies to become GDPR / CCPA compliant (cont.)

• The DPIA is the key GDPR / CCPA component that demonstrates to regulators that you understand your data and are planning for compliance. BigDataRevealed focuses on the DPIA process to satisfy GDPR / CCPA requirements. BDR can be used to inform customers of the data you hold about them and to delete that data when requested (more on that a bit later).
• A DPIA requires a thorough and accurate personal-information pattern and value search across all data types:
  • Enterprise, Big Data, Office, PDF, OCR, biometrics, IoT, laptops and every other form of potential personal data.
  • A repeatable, complete, collaborative regular-expression engine with a library of personal-information patterns to be used in the discovery process. Pattern hits need validation (for example a Luhn checksum on card-number candidates) and sample review, or the catalog fills with false positives.
  • The ability to add industry- or company-specific patterns (HIPAA, FERPA, etc.) to this library of personal-information patterns is essential.
  • Metadata catalogs recording the data's location can be integrated with other enterprise metadata tools.
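The pattern-library discovery described on this slide, and the "cross-file indirect identifiers" of step 4 on the previous slide, as an added example that is not part of the original deck and is not BigDataRevealed's code. The pattern library, the sample CRM note, the two small datasets and the hypothetical `MRN-` record-number pattern are all constructed for the example; the linking logic flags column pairs whose values overlap across two files and measures how many rows a column combination singles out.

```python
import re
from collections import Counter

# Pattern library, constructed for this example. Each regex is a candidate
# detector; a real library is larger and tuned per jurisdiction and industry.
PII_PATTERNS = {
    "email":        re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "us_ssn":       re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "us_phone":     re.compile(r"(?<!\d)(?:\+1[ -]?)?\(?\d{3}\)?[ -]?\d{3}[ -]\d{4}(?!\d)"),
    "ipv4":         re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "payment_card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),  # candidate only, validated by luhn_ok
}


def add_pattern(name, regex):
    """Extend the library with an industry- or company-specific pattern (HIPAA, FERPA, ...)."""
    PII_PATTERNS[name] = re.compile(regex)


def luhn_ok(digits):
    """Luhn checksum: rejects most random 16-digit runs that the payment_card regex accepts."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(source, text):
    """Return (source, pattern, value) for every validated hit in one document."""
    findings = []
    for name, rx in PII_PATTERNS.items():
        for m in rx.finditer(text):
            value = m.group(0)
            if name == "payment_card" and not luhn_ok(re.sub(r"\D", "", value)):
                continue
            findings.append((source, name, value))
    return findings


def linkable_columns(a, b, min_overlap=0.5):
    """Column pairs whose distinct values overlap enough to join dataset a to dataset b."""
    links = []
    for ca in a[0]:
        va = {row[ca] for row in a}
        for cb in b[0]:
            vb = {row[cb] for row in b}
            overlap = len(va & vb) / min(len(va), len(vb))
            if overlap >= min_overlap:
                links.append((ca, cb, round(overlap, 2)))
    return links


def unique_fraction(rows, cols):
    """Fraction of rows singled out by the value combination in cols (k-anonymity with k=1)."""
    groups = Counter(tuple(row[c] for c in cols) for row in rows)
    return sum(1 for row in rows if groups[tuple(row[c] for c in cols)] == 1) / len(rows)


def reidentify(anonymous_rows, identified_rows, keys):
    """Join the file without direct identifiers to the identified one on the indirect keys."""
    index = {tuple(r[k] for k in keys): r for r in identified_rows}
    return {row["order_id"]: index[tuple(row[k] for k in keys)]["name"]
            for row in anonymous_rows if tuple(row[k] for k in keys) in index}


# Constructed sample inputs (no real people, test card number from the Visa test range).
CRM_NOTE = ("Ticket 4471: alice@example.com called from 312-555-0147 about card "
            "4111 1111 1111 1111; SSN on file 123-45-6789; session from 10.20.30.40. "
            "Ref 1234 5678 9012 3456 is an internal batch number, not a card.")

CUSTOMERS = [  # identified file: direct identifiers present
    {"customer_id": "C1", "name": "Alice Adams", "email": "alice@example.com", "zip": "60601", "dob": "1984-03-09"},
    {"customer_id": "C2", "name": "Bob Brown",   "email": "bob@example.com",   "zip": "60601", "dob": "1990-11-21"},
    {"customer_id": "C3", "name": "Cara Cruz",   "email": "cara@example.com",  "zip": "60614", "dob": "1984-03-09"},
]
ORDERS = [  # "anonymous" file: no name or email, yet linkable through zip + dob
    {"order_id": "O100", "zip": "60601", "dob": "1984-03-09", "amount": "42.10"},
    {"order_id": "O101", "zip": "60601", "dob": "1990-11-21", "amount": "15.00"},
    {"order_id": "O102", "zip": "60614", "dob": "1984-03-09", "amount": "99.99"},
]

if __name__ == "__main__":
    add_pattern("mrn", r"\bMRN-\d{6}\b")  # hypothetical hospital record-number format
    for hit in scan_text("crm/tickets/4471.txt", CRM_NOTE + " Patient MRN-004512."):
        print(hit)
    print("link keys:", linkable_columns(ORDERS, CUSTOMERS))
    print("zip alone singles out:", unique_fraction(ORDERS, ["zip"]))
    print("zip+dob singles out:", unique_fraction(ORDERS, ["zip", "dob"]))
    print("re-identified:", reidentify(ORDERS, CUSTOMERS, ["zip", "dob"]))
```

The invalid batch number is dropped by the Luhn check even though it matches the card regex, which is the validation step the catalog needs. The orders file contains no name or email, but `zip` and `dob` both overlap fully with the customer file, and together they single out every order; that pair is the indirect identifier the discovery process has to catalogue alongside the direct ones.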
6. Remediation and Encryption

• Historic data at rest is not used for point-of-sale or other customer interactions. Remediating and encrypting data at rest protects against a data breach without affecting operations. Reviewing the creation and last-used dates of existing data determines the architecture of this methodology, which is controlled by the company based on its industry regulations.
• When searching through encrypted data to satisfy a 'Right of Information' (access), 'Right of Erasure' or other request, one accepts the identifying data from the requestor (using the BDR GUI or your own), encrypts it (using BDR's Spring Secured APIs) and then searches the encrypted data for the match.
  • This only works if the searchable field is encrypted deterministically or indexed with a keyed hash, so that the same plaintext always yields the same token; a randomized cipher such as AES-GCM with a fresh nonce produces a different ciphertext each time and cannot be searched this way. Deterministic tokens reveal which records share a value, so the search key must be separate from the data-encryption key and access to it tightly limited.
  • We use secured Spring Framework APIs in Spark that can be called from BigDataRevealed or your application to perform the above functions.
  • More extensive processing of encrypted data can be completed using similar BDR Spring APIs for predictive analytics, AI or other needs.
• We suggest remediation and encryption of the following data upon ingestion and, where possible, before it is at rest:
  • IoT data, before it becomes data at rest
  • Office documents, PDF files, OCR output, .pst email archives
  • Biometrics …
7. The Consent Screen

• To satisfy a request from the customer, a graphical front-end calls our secured API, allowing customers/citizens to:
  • Create a secured, encrypted identity for their personal data for all company communications
  • Select which patterns of personal data they consent to
  • Type details of their acceptance or denial of consent to use their personal information into a communication metadata box
  • Upload signed consent forms and validate the company's claims to hold signed consent forms
  • Make GDPR / CCPA regulatory requests by clicking on the rights they wish to exercise, such as:
    • Right of Erasure
    • What data the company possesses
    • Who the company has shared their information with
• The front-end must verify the requestor's identity before any of these actions are taken; an access or erasure request acted on without that check is itself a disclosure or destruction vector.
8. Companies with high volumes of customer data as part of their daily business process

• Companies in customer-centric and specialized industries need to protect against the negative impact of a data breach without adversely affecting normal business operations. The complexity of this task may be why many companies choose to accept the risk of noncompliance rather than comply with GDPR and CCPA.
• Using creation and last-used dates from legacy data will assist in determining the proper methodologies and architecture for the various sources of personal information.
• With large volumes of point-of-sale transactions (pharmacy counters, retail, banking, insurance, health care, entertainment, hotels, restaurants, airlines and many others), the architecture must allow uninterrupted business operations while still meeting GDPR and other regulatory requirements.
• These companies need to take a customer's personal information and search through both unencrypted and encrypted data to supply the proper information to the customer. Only the matching records are decrypted, and only for the duration of the production process, so the data in your database remains encrypted. As more information is collected from the customer and additional transactions are completed, the results must be encrypted before they are added to your database. All of these decryption and encryption steps can be completed using BDR's Secure Spring APIs and do not require re-developing all your systems.
• At the end of each of these processes, all working memory holding unencrypted personal information must be cleared; plaintext left behind in memory, caches or logs is exposed to attackers. In managed runtimes such as the JVM this is a best-effort discipline, since garbage-collected strings cannot be reliably zeroed: keep the plaintext's lifetime short and never log or cache it.
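The encrypted-search flow from the "Remediation and Encryption" slide and the decrypt-for-production, re-encrypt-before-write cycle described on this slide, as an added example that is not part of the original deck and is not BigDataRevealed's Spring API. It keeps a keyed blind index (HMAC-SHA256 over the normalized value) beside randomized field encryption, so access and erasure requests are answered by comparing tokens without decrypting the table. The field cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, used only so the example runs on the Python standard library; in production that would be AES-GCM from a vetted library, and the two keys would live in a KMS or HSM rather than in the process. The customer rows are constructed.

```python
import hashlib
import hmac
import os
import secrets

# Two independent keys: one for the searchable blind index, one for field encryption.
# Generated per process for this example; in production they live in a KMS/HSM.
INDEX_KEY = secrets.token_bytes(32)
ENC_KEY = secrets.token_bytes(32)


def normalize(value):
    """Canonicalise before indexing so 'Alice@Example.com ' and 'alice@example.com' match."""
    return " ".join(value.strip().lower().split())


def blind_index(value, key=INDEX_KEY):
    """Deterministic keyed token for equality search; meaningless without the index key."""
    return hmac.new(key, normalize(value).encode(), hashlib.sha256).hexdigest()


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a PRF-based stream cipher, a stand-in for AES-GCM.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(plaintext, key=ENC_KEY):
    """Randomised encryption: the same plaintext gives a different blob on every call."""
    nonce = os.urandom(16)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(_subkey(key, b"enc"), nonce, len(data))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(blob, key=ENC_KEY):
    """Verify the tag before touching the ciphertext; reject tampering or a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered with or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))).decode()


def store_customer(db, customer_id, email, phone):
    """Persist only ciphertext, plus a blind index on the field used for lookups."""
    db.append({
        "customer_id": customer_id,
        "email_idx": blind_index(email),
        "email_enc": encrypt_field(email),
        "phone_enc": encrypt_field(phone),
    })


def find_by_email(db, requested_email):
    """Access/erasure lookup: tokenise the requestor's value and compare tokens, never decrypt."""
    token = blind_index(requested_email)
    return [row for row in db if hmac.compare_digest(row["email_idx"], token)]


def access_request(db, requested_email):
    """Right of access: decrypt only the matched rows, and only the fields being returned."""
    return [{"customer_id": r["customer_id"],
             "email": decrypt_field(r["email_enc"]),
             "phone": decrypt_field(r["phone_enc"])}
            for r in find_by_email(db, requested_email)]


def erase_request(db, requested_email):
    """Right of erasure: remove every matching row; returns the number removed."""
    matches = find_by_email(db, requested_email)
    for row in matches:
        db.remove(row)
    return len(matches)


def record_transaction(db, customer_id, new_phone):
    """Data collected in production is encrypted before it is written back to the table."""
    for row in db:
        if row["customer_id"] == customer_id:
            row["phone_enc"] = encrypt_field(new_phone)
            return True
    return False


if __name__ == "__main__":
    db = []
    store_customer(db, "C1", "Alice@Example.com", "312-555-0147")
    store_customer(db, "C2", "bob@example.com", "312-555-0199")
    store_customer(db, "C3", " alice@example.com", "773-555-0100")  # same person, different spelling
    print(access_request(db, "ALICE@example.com"))
    print("erased:", erase_request(db, "alice@example.com"), "remaining:", len(db))
```

Two caveats follow from the design. Rows C1 and C3 carry the same `email_idx`, so anyone who can read the table learns that they belong to the same person even without either key; that equality leak is inherent to searchable tokens, which is why the index key is separate from the encryption key and should be reachable only from the request-handling process. Erasure here removes the live row; backups, replicas and logs that hold the same ciphertext need either the same deletion or crypto-shredding of a per-customer key, or the erasure is incomplete.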
9. Companies with high volumes of customer data as part of their daily business process (cont.)

• Thorough and extensive analysis, requiring collaboration from C-level executives, department heads, DBAs, stakeholders, developers, security personnel, researchers and others, will be needed to complete the following steps:
  • Determine where in your production / operational systems the BDR Secure Spring APIs need to be called.
  • Put security in place that only allows access to the Secure Spring BDR APIs from approved processes and staff.
  • Determine where, when and why unencrypted data needs to be matched to secured encrypted data for use in production / operational processes, or decrypted in general (preferably on isolated, non-production systems) for predictive analytics, AI or other needs.
10. About Us

BIG DATA REVEALED IS A SOLUTION TO ADDRESS REGULATORY COMPLIANCE ISSUES WITHIN DATA.

• We are an experienced team of data experts, using open-source Apache and Spark ecosystems, Java and our Spring Framework of proprietary APIs and sets of tools and methodologies.
• Started in 2014
• Based in Chicago
11. Thank You.

Steven Meister
847-791-7838 (Mobile)
steven@gdprcompliancymaster.com
www.gdprapplication.blog