A European Union law that regulates data protection and privacy for transactions that occur within the EU member states (including the processing, transfer and protection of EU Citizen personal data to other regions of the world)

Costs of Non-Compliance include penalties of €20 million or 4% of global annual turnover (whichever is higher). GDPR Enforcement Tracker is a site that tracks fines for violations.

Compliance with GDPR

Let us get your organization compliant with GDPR. Article 30 of the regulation specifically relates to knowing your data. You must know why you have personal data, where it is, how it is manipulated, who has access to it and uses it, and where it comes from or goes to.

 

Compliance with GDPR

Financial institutions everywhere are facing challenges when it comes to complying to regulations like BCBS 239, CRD IV, CCAR and Solvency II. Applying good governance over information assets is the key to becoming compliant.

Understanding the current state of the information systems is required not just for positive regulatory assessments, it is vital to support risk reduction and prepare for any economic challenges. Timeliness is also proving to be a challenge when it comes to reporting in large financial institutions that span multiple information systems. Orion can provide insight on the timing of data integration jobs across the systems in addition to exposing true provenance.

Key Elements:

  • Enhanced personal privacy
  • Increased duty for protecting personal data
  • Mandatory personal data breach reporting
  • Significant penalties for non-compliance

This knowledge component gets called various things, including Data Mapping, Data Lineage or Data Provenance. At Orion we refer to this as the End-2-End Map of Information Assets.

Avoid going through the time-consuming process of manually cataloging and discovering personal data, which is critical for GDPR compliance. How many places can you look?

Orion Governance has the perfect solution to automate discovery of personal information. Simply define or import your GDPR catalog and start automatically discovering where the data is physically stored when scanning any of the 40+ sources that we support!

Orion’s Map of Information Assets is a visualization of all the data in your enterprise, be it structured or unstructured, on-premise, or in the cloud. It includes all endpoints for your data, where it comes from or goes to. It includes all the transformations data undergoes between the endpoints, whether that be internal operations in structured databases, part of an inhouse Java application, or even data in a mainframe!

Orion meta data management

This is part of a GDPR journey that every organization needs to take, including:

Data discovery and Identification

Automated discovery of data assets and cataloging metadata. Personal and Customer data tends to be spread out across relational databases, archived records in a data lake / warehouse, Mainframes and Distributed File System stores (e.g., Hadoop etc.).

Catalog external data sources

Vendor and third-party data is often collected using different business processes than internal data, and may be used to enhance personal information through record matching and additional processing.

Automatically discover and document data flow and lineage

Data flow of various Critical Data Elements (CDEs) within the enterprise along with lineage is essential to ascertain where customer data moves.

Implement a metadata repository and layer

Customer and prospect data may be spread across data stores. Creating a metadata layer will help abstract the different data sets and apply the proper restrictions to those considered personally identifiable data.

Use case

GDPR Compliance for a Global Retailer

Project

Orion solved the problem by providing an Automated near Real Time Solution to trace GDPR related assets in 8 weeks!

Business Problem

Traceability of customer information for GDPR, financial reporting tied to business terms.

The Solution

Traceability of information assets across Informatica, Microsoft SSAS, Cognos and Netezza, searchable by the business using business vocabulary.

Business Benefits

The fundamental step towards addressing GDPR requirements, Article30 is to “know your data” across the Information landscape.

This GDPR engagement provided full visibility of information assets and created better understanding from business users on the information they use for decisions. First step for optimizing Data self service with trusted data.

Cost Savings

The solution enabled the customer to provide near real-time traceability with a higher level of accuracy and offload multiple resources who were dedicated to fulfilling the regulatory requirement. The cost savings is in excess of hundreds of thousands of Euros per year. In addition the customer avoided spending extra for a POC that a leading vendor was asking for.