On 10 March 2017, together with our partner Informatica, we held a workshop on a hot topic: compliance with the new EU legal framework, the Personal Data Protection Regulation (EC) 2016/679. The new regulation will enter into force on 25th May 2018 and will apply directly in all the Member States of the Community.
Mr. Piotr Skovronski, Territory Manager at Informatica, reviewed the requirements of the new Regulation concerning personal data and its treatment. He outlined the basic duties and responsibilities related to the provision of personal data. The new requirements include a data protection officer, infringement procedures and breach reporting, the related sanctions, and the right enabling entities to request correction or deletion of personal data.
Mr. Skovronski also gave a hands-on presentation of the Informatica concept on this subject. He spoke about how to identify personal data and how to treat it within the organization, according to the new requirements. For example:
According to the European Commission “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
- Practically any data that can lead to the identification of an individual falls within the scope of the GDPR. This also means a lot of work for legal departments.
- There is no distinction between personal data about individuals in their private, public or work roles – the person is the person.
Informatica’s approach includes the following steps that can illustrate the process of personal data processing and protection:
- Identification of all the personal data within the organization;
- Define the location of personal data – systems, files, paper, etc. Identify the data flows and proliferation mechanisms between systems or officials who operate with them;
- Define policies and rules for access and use of these data, as well as the corresponding rights and responsibilities that are clearly defined;
- Document the described processes and create a mechanism to monitor compliance within the set rules;
- Create a clear framework and notification mechanism if the data is somewhere it should not be.
Ilya Gershanov, Senior Consultant at Informatica, presented Informatica solutions and how they can help with all of the above-listed stages of processing personal data.
For example, Informatica Secure@Source helps us to identify personal data, its location and its compliance with access policy. This is a universal tool for automated detection, analysis, visualization, risk assessment and notification in case of irregularities associated with sensitive data. This provides a clear picture of who has access to the data, how it is used and distributed throughout the organization, and what security measures are applied to protect sensitive data.
Informatica Axon is another solution specially designed to manage data policies and rules. Using it, businesses can monitor, control, and manage the data which is defined as sensitive.
At the core of Informatica Axon is the creation of a catalog of all data in the organization and of the policies, processes and roles associated with it. Semantic rules specific to each organization are applied to search for and discover personal data. They reveal hidden relations between the metadata, reveal the source of the data and its subsequent distribution, and also assess the impact in case of unauthorized access.
How can personal data be linked to individuals? The solution is Informatica MDM (Master Data Management). It is a powerful application that performs data integration, cleaning and standardization, provides mechanisms for constantly maintaining data quality, and securely backs up databases as well as entire applications that have been retired from active use, while keeping reporting options available.
Informatica Data Masking is another means of protection that works on the principle of data pseudonymisation. This is one of the appropriate ways of protecting personal data, and there are various techniques to achieve it:
- Shuffle identification numbers of individuals;
- Replace names with other meaningful names;
- Replace city names with other meaningful ones;
- Replace credit card numbers applying some specific techniques.
To apply the above data masking techniques, a set of predefined rules is first created, communicated to and confirmed by the end user. The set of rules for shuffling and replacing data is then applied in such a way that it is possible to restore the original record.
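The following sketch is an added example, not Informatica code and not a description of how the product works internally. It shows two of the listed techniques (shuffling identification numbers and replacing names with other meaningful names) in a form that can be reversed. The key, the name pool, the sample records and the function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data and key; the pool stands in for the agreed replacement rules.
KEY = b"constructed-demo-key"
NAME_POOL = ["Alice Brown", "Boris Novak", "Clara Weiss", "David Marin", "Elena Rossi"]
SAMPLE = [
    {"name": "Ivan Petrov", "national_id": "7501011234"},
    {"name": "Maria Ilieva", "national_id": "8203045678"},
    {"name": "Georgi Dimov", "national_id": "9007219012"},
    {"name": "Ivan Petrov", "national_id": "6612303456"},
]

def keyed_order(key, label, n):
    """Permutation of range(n) derived from the key; unrepeatable without it."""
    def rank(i):
        return hmac.new(key, f"{label}:{n}:{i}".encode(), hashlib.sha256).digest()
    return sorted(range(n), key=rank)

def mask(records, key):
    """Return (masked, vault); the vault maps pseudonym -> real name."""
    real = sorted({r["name"] for r in records})
    if len(real) > len(NAME_POOL):
        raise ValueError("pool too small for a one-to-one name mapping")
    pool = [NAME_POOL[i] for i in keyed_order(key, "name", len(NAME_POOL))]
    forward = dict(zip(real, pool))
    order = keyed_order(key, "id", len(records))
    masked = [
        {"name": forward[r["name"]], "national_id": records[order[i]]["national_id"]}
        for i, r in enumerate(records)
    ]
    return masked, {fake: name for name, fake in forward.items()}

def unmask(masked, key, vault):
    """Undo mask(): invert the ID shuffle and map pseudonyms back."""
    order = keyed_order(key, "id", len(masked))
    ids = [None] * len(masked)
    for i, src in enumerate(order):
        ids[src] = masked[i]["national_id"]
    return [
        {"name": vault[m["name"]], "national_id": ids[i]}
        for i, m in enumerate(masked)
    ]

if __name__ == "__main__":
    masked, vault = mask(SAMPLE, KEY)
    for row in masked:
        print(row)
    print(unmask(masked, KEY, vault) == SAMPLE)
```

The key and the vault together play the role of the rule set: anyone holding both can restore the original records, so they need to be stored and access-controlled separately from the masked data.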
With Informatica Data Archive, data and application lifecycles are easily and safely managed. The solution consists of a secure repository that prevents changes to structured data from various sources that have already been withdrawn from use. Data is stored in a highly compressed file archive, and yet is easily accessible via a convenient interface. There are policy management capabilities and rules for automatic archiving or deleting of outdated data. This effectively achieves compliance with all state and EU regulations regarding data, security and management.