General Data Protection Regulation (EU) 2016/679 (GDPR)
Orion Governance Use Case
Avoiding Millions In Non-Compliance Penalties
GDPR is a European Union law that regulates data protection and privacy for transactions within EU member states. The scope includes the processing, transfer, and protection of personal data from EU citizens to other regions of the world.
Non-compliance penalties can include €20 million or 4% of global annual turnover (whichever is higher). The GDPR Enforcement Tracker is a site that tracks fines for violations.
Use the Orion platform to make your organization GDPR-compliant. Article 30 of the regulation pertains to knowing your data. You must be able to document why you store personal data, its location, how it is manipulated, who has access to it, who uses it, its source, and its destination.
Key GDPR Elements:
- Personal privacy enhancement
- Increased accountability for personal data protection
- Mandatory data breach reporting
- Penalties for non-compliance
This knowledge component has various names, including Data Mapping, Data Lineage, and Data Provenance. At Orion, we refer to this as the End-to-End Map of Information Assets.
Avoid the time-consuming process of manually discovering and cataloging personal data, which is critical for GDPR compliance. How many locations will you need to inspect?
Orion Governance has the perfect solution for automating the discovery of personal information across your entire portfolio of corporate data assets. Simply define or import your GDPR catalog, then start the automatic process to reveal where the required data is physically stored. We support more than 70 technology sources!
Orion’s Map of Information Assets is a visualization of all data in your enterprise, including structured and unstructured data, whether on-premises or stored in the cloud. It covers all data endpoints (i.e., where data comes from or goes to). All transformations are visible regardless of where those operations occur (e.g., structured databases, NoSQL databases, in-house Python or Java applications, within mainframes).
This is part of a GDPR journey that every organization needs to take, including:
Discover and Identify Data
This process includes the identification of metadata used for cataloging. Data about people is usually spread across relational databases, archives in data lakes, data warehouses, mainframes, and distributed file system storage (e.g., Hadoop).
Catalog External Data Sources
Vendor and third-party data are generated from different business processes and can enhance existing personal information through record matching and other analyses.
Document Data Flows and Lineage
Ascertain where critical data elements (CDEs) live and how they move through the enterprise systems. Automated data lineage is essential for this process.
Implement a Metadata Repository and Access Layer
Customer and prospect data are likely stored in many different locations. Creating a metadata abstraction layer will assist end-users with applying proper restrictions to personally identifiable data.
GDPR Compliance for a Global Retailer
Business Problem
Lack of traceability of customer information for GDPR compliance; required financial reporting tied to standard business terms.
The Orion Governance Solution
Orion Governance’s EIIG provided traceability of data assets across Informatica, Microsoft SSAS, Cognos, and Netezza, all of which became searchable with business vocabulary. With this automated, near real-time solution, the client was able to discover and track GDPR-related assets in just eight weeks!
Business Benefits with Orion Governance
This engagement was a fundamental step towards addressing Article 30 of the GDPR requirements: “know your data” across your information landscape. The result was complete visibility of data assets and a better understanding by business users about the data they use for decision-making. This also represented a first step in optimizing a high-trust, self-service data extraction facility.
Cost Savings
The customer reduced expenses due to three major improvements:
- Near real-time traceability
- Unprecedented data accuracy
- Reduction of headcount devoted to fulfilling regulatory requirements
The total reduction was roughly several hundred thousand euros. Beyond that, this customer avoided paying for an expensive proof-of-concept project required by an Orion Governance competitor.