Let us get your organization compliant with GDPR.  Article 30 of the regulation specifically relates to knowing your data.  You must know why you have personal data, where it is, how it is manipulated, who has access to it and uses it, and where it comes from or goes to.

Financial institutions everywhere are facing challenges when it comes to complying with regulations like BCBS 239, CRD IV, CCAR and Solvency II. Applying good governance over information assets is the key to becoming compliant.

Understanding the current state of the information systems is required not just for positive regulatory assessments; it is also vital for supporting risk reduction and preparing for any economic challenges. Timeliness is also proving to be a challenge when it comes to reporting in large financial institutions that span multiple information systems. Orion can provide insight on the timing of data integration jobs across the systems in addition to exposing true provenance.

Key Elements:

  • Enhanced personal privacy
  • Increased duty for protecting personal data
  • Mandatory personal data breach reporting
  • Significant penalties for non-compliance

This knowledge component gets called various things, including Data Mapping, Data Lineage or Data Provenance. At Orion we refer to this as the End-2-End Map of Information Assets.

Avoid going through the time-consuming process of manually cataloging and discovering personal data, which is critical for GDPR compliance.  How many places can you look?

Orion Governance has the perfect solution to automate discovery of personal information. Simply define or import your GDPR catalog and start automatically discovering where the data is physically stored when scanning any of the 40+ sources that we support! Orion’s Map of Information Assets is a visualization of all the data in your enterprise, be it structured or unstructured, on-premise, or in the cloud. It includes all endpoints for your data, where it comes from or goes to. It includes all the transformations data undergoes between the endpoints, whether that be internal operations in structured databases, part of an in-house Java application, or even data in a mainframe!

This is part of a GDPR journey that every organization needs to take, including:

Data discovery and Identification

Automated discovery of data assets and cataloging metadata. Personal and customer data tends to be spread out across relational databases, archived records in a data lake or warehouse, mainframes and distributed file system stores (e.g., Hadoop).

Catalog external data sources

Vendor and third-party data is often collected using different business processes than internal data, and may be used to enhance personal information through record matching and additional processing.

Automatically discover and document data flow and lineage

The data flow of the various Critical Data Elements (CDEs) within the enterprise, along with their lineage, is essential to ascertaining where customer data moves.

Implement a metadata repository and layer

Customer and prospect data may be spread across data stores.  Creating a metadata layer will help abstract the different data sets and apply the proper restrictions to those considered personally identifiable data.

Read more about how Orion can help you to automate your GDPR response.

There are more articles about preparing for GDPR compliance in the Articles section of our site: "GDPR – are you late to the party?" and "GDPR compliance in < 60 days".