GDPR Compliance: Using Neo4j to Map and Manage Personal Data
•
1 gostou•981 visualizações
Andrew Chumney, Single View Solutions Manager, Pitney Bowes with Navneet Mathur, Senior Director of Global Solutions, Neo4j and Alex Batanov, Field Engineer, Neo4j:Europe’s General Data Protection Regulations (GDPR) will go into effect in less than a year and all companies holding data on European residents will be required to comply. Are you prepared? Watch this webinar to understand how graph-based metadata is the best guide for organizations and IT departments to use on their path to compliance.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a GDPR Compliance: Using Neo4j to Map and Manage Personal Data
Semelhante a GDPR Compliance: Using Neo4j to Map and Manage Personal Data (20)
Mais de Neo4j
Mais de Neo4j (20)
Último
Último (20)
GDPR Compliance: Using Neo4j to Map and Manage Personal Data
- 1. State of the Market – Path to GDPR compliance by using Neo4j Nav Mathur Sr. Director – Global Solutions July 13, 2017 1
- 2. Agenda • GDPR will impact your business • Protect your enterprises and show you are “trustworthy” • Pitney Bowes Data Hub • GDPR – key challenges & Solution Offering • Why Graphs? • Demo • How to get started Andrew Chumney Single View Solutions Manager Pitney Bowes Nav Mathur Sr. Director Global Solutions Neo4j
- 3. Background People give personal data away too readily in return for “free” services. The terms of trade have become the norm almost by accident. - Glen Weyl, an economist at Microsoft Research After the dotcom bubble burst, gathering personal data for targeted advertising was the quickest way to make money. - “Data is giving rise to a new economy” Economist Magazine Consumers and online giants are locked in an awkward embrace. People do not know how much their data are worth, nor do they really want to deal with the hassle of managing them. - Alessandro Acquisti of Carnegie Mellon University 81% of Europeans feel they don’t wholly control their online data; 69% worry that firms may use their data for purposes other than those advertised. - Eurostat Something had to give….
- 4. GDPR – The Mile-High Summary • EU’s General Data Protection Regulation enforces that: • Personal Data belongs to the Individuals and they have the right to ensure it is protected. GDPR is about protection of Personal Data of European residents. • Applies to any organization (large or small) that does business in EU and has personal data of EU residents. • Ratified in April 2016 • US Companies may relate to this as PII (Personally Identifiable Information) data Ninety-two percent of U.S. multinational companies cited compliance with the looming General Data Protection Regulation (GDPR) as a top data protection priority, according to new research from PwC. Sixty- eight percent are earmarking between $1 million and $10 million on GDPR readiness and compliance efforts, with 9 percent expecting to spend over $10 million – Jay Cline, PwC’s U.S. privacy leader 49% of respondents say “no one” is pushing GDPR preparation, 29% say legal department, 14% say Management, 8% say IT - Imperva Survey @ RSA 2017 http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC
- 5. GDPR will impact your business - Liability • Fines amount to 4% of the global turnover(revenue) or €20M whichever is higher, for each instance of breach • Talk of adding Personal Liability for the officers of the company • Among the proposals for the U.K.’s new Digital Economy Bill (the Bill), due to become law next spring, is one under which company directors would become personally liable for payment of fines as a result of nuisance calls being made by their companies. Google fined record €2.4bn by EU over [manipulating] search engine results NHS illegally handed Google firm [AI] 1.6m patient records, UK data watchdog finds
- 8. GDPR will impact your business - No passing the buck • Businesses utilizing personal data for business purposes cannot “pass the buck” to their cloud or security service providers that are processing or storing personal data on their behalf • Requires online services to make it easy for customers to transfer their information to other providers and even competitors • Requires that firms get explicit consent for how they use data
- 9. Protect Your Enterprise, Illustrate “Trustworthy” You must show good data management practices, policies, processes (systems) and awareness What data do you have? • Data Asset Inventory Why do you have this data? • Trace data to its usage, cleanse the data Where is this data? • Which system(s), physical location of data, data movement How did you get this data? • Traceability and irrefutable proof of data source When did you get this data? • Timestamped data acquisition, access, transfer Who has access to this data? • People (training), processes & systems Is the data Secure? • Robust data management lifecycle and security practices Do you maintain a map of this data? • Is all of this meta-data available in a connected fashion Acquire/Use/Transfer with permission Respect ”right to be forgotten” / “right to modification” Plan for Data Breaches
- 10. Great! so what do we really need to do? • Implement a data governance platform • Data definition via business glossary mapped to implementation detail • Tracking create / update / access / deletes of data • Tying relevant processes that operate on regulated data • Building reverse lineage capability to map the data flow • Define data lifecycle management process and policies • Implement a visual dashboard of KPIs • Provide a portal and programmatic interface for individuals • access/update their data, provide/revoke consent, transfer data & view rights • Create a regulatory governance steering group lead by DPO
- 11. Pitney Bowes – Data Hub 11 Leveraging the Power of Graph Andrew Chumney Single View Solutions Manager Pitney Bowes
- 13. Key to Unlocking Data Hub Value 13 Traditional approach Rigid data models tied to RDBMS lack agility – Complex to model and store natural relationships Overly structured schemas force the business to know all the questions up- front – Maintenance is painful, time based data accumulations are difficult Graph Based approach Dynamic Schema – Iterative data discovery allows for continuous relationship additions and data node creation Richer Output – Highly connected entities allow for dynamic search, analysis and time based assessments Firm Individual Account Location owns lives at owns has
- 19. Data Matching Value • Presents a unique record from multiple, disparate data repositories • Visualization of customer data engaging across multiple organizations • Ability to match new or changing data sources, structures and strategies with a flexible matching architecture • Visibility and transparency to the matching rules, algorithms and thresholds Challenges • Duplication of customer data across the organization • No transparency into the match results
- 20. Data Survivorship and Merging Challenges • Intercalation with various departments across multiple disconnected systems. • Duplicate records impact Right to be forgotten compliance. • Difficulty identifying the most recently updated record compliance. • Data Lineage for compliance. Value • Define rules of survivorship and gives the flexibility to change rules as the organization changes • Ability to build the compliance record for each customer from various sources • Merge from multiple existing data repositories for compliance
- 22. Data Stewardship and Governance Initial Spectrum Dataflow Business Steward Portal Exception Repository Exception Reprocessing Dataflow Value •Provides a governance process to manage the compliance of every data source •Provides a single point to effectively manage and analyze exceptions •Provides dashboard and reporting capabilities to quickly see data issues
- 24. “Why Neo4j”: What We Hear From Users ACID Transactions • ACID transactions with causal consistency • Neo4j Security Foundation delivers enterprise-class security and control Performance • Index-free adjacency delivers millions of hops per second • In-memory pointer chasing for fast query results Agility • Native property graph model • Modify schema as business changes without disrupting existing data Developer Productivity • Easy to learn, declarative openCypher graph query language • Procedural language extensions • Open library of procedures and functions APOC • Neo4j support and training • Worldwide developer community … all backed by Neo’s track record of leadership and product roadmap Hardware Efficiency • Native graph query processing and storage requires 10x less hardware • Index-free adjacency requires 10x less CPU
- 25. Demo 2 5
- 26. How to get Started - Suggested Approach • Review regulation • Do you offer goods or services to people in the EU? • Do you monitor behavior (including online activity) of people residing in the EU? • Do you process personal data on EU residents on behalf of a company based in the EU? Determine applicability • Evaluate regulatory requirements, • Evaluate current process and data movements to determine control points • Assess organizational capabilities • Understand the financial and operational consequences Assess • Data Governance Platform • Data Lineage Capability • Connected Graph of People, access & control points, processes, locations, etc. • Portal & programmatic access for individuals • DPO role & processes Implement • Notify individuals • Notify regulators • Publish summarized assessment and implementation report • Provide management and board risk and impact assessment report Comply by May 25, 2018 People Process Technology
- 27. How to get started - Next Steps • Register for a brown-bag graph talk with your team and get a copy of GDPR Pocket Guide @ https://neo4j.com/brownbag/ • Spend 1 hr. to discuss your GDPR initiative with us and validate your solution / approach. Email us, limited to first 5. Thanks! Andrew Chumney Single View Solutions Manager Nav Mathur Sr. Director Global Solutions nav@neo4j.com Andrew.Chumney@pb.com
- 28. Thanks! 28