Stop Procrastinating; GDPR / CCPA Compliance will take years; Don’t fool yourself into believing there is a quick, cheap workaround to complete a Compliancy solution, because the hackers and regulators won’t be fooled. Our simple assessment will identify where vulnerabilities exist in your data eco-system. Our team of experts comprised this overview of steps to become GDPR / CCPA Compliant.

Stop Procrastinating; GDPR / CCPA Compliance will take years without precise & directed Technology lead by an experienced Architect able to lead a mature team of developers. BigDataRevealed can perform a short assessment that identifies where problem areas exist and what techniques you will need to remediate the situation. This is an overview of most processes needed to become GDPR / CCPA Compliant.  Don’t fool yourself into believing there is a quick, cheap workaround to complete a Compliancy solution, because the hackers and regulators won’t be fooled.

  1. Complete a Data Protection Impact Assessment (DPIA), defined as discovering where Personal Data is located everywhere in your entire data ecosystem. Don’t overlook OCR documents, emails, PDFs, Office documents, XML data, Images, already encrypted data and several forms of biometric data. And for CCPA, a citizens characteristics and behaviors both personal and commercial.
  2. Included in step 1 above is streaming and static IoT data in the following forms;
    1. Social media.
    2. ATM transactions.
    3. Cash register transactions.
    4. GPS coordinates.
    5. IP addresses for Mobile devices, alarm systems and others.
  3. GDPR’s Right of Erasure, or the similar CCPA requirement, to remove an individual’s information from your systems and documents.
    1. This is probably the most complex process for any company to perform because it requires you to know where that single customer’s data resides everywhere in your data ecosystem. However, BigDataRevealed was designed for just this purpose and builds an Intelligent Metadata catalogue to point to all of a customer’s data.
  4. Protect the customer’s data! This is a widely misunderstood concept. By ‘Protect’ GDPR is expecting the Personally Identifiable information to be encrypted or otherwise made unreadable. They are also suggesting network security protocols be in place, but they understand hackers always find a way to get through them, so encryption is the real meaning of ‘Protect’, in our interpretation.
  5. A difficult problem with having encrypting data in your production systems is how to keep your Point of Sale, or Customer Service applications functioning with an encrypted database, and how will Data Scientist use that data to create BI and Marketing analytics.
    1. BigDataRevealed has solved these problems with intelligent APIs that decrypt data as needed by applications and re-encrypt the data after additions or changes have occurred.
    2. Ability to safely and securely allow Data Scientists, Data Stewards and Stakeholders to access this data based on authority and by using the concept of off-line processing facilities.
  6. CCPA has a requirement; that upon receiving a verifiable request from a citizen, a company must inform that citizen of all entities they have sold or disclosed the citizen’s data during the past 12 months.
    1. Detailed documentation will be needed to address this very touchy issue. BigDataRevealed’s Intelligent Metadata can supply identifying keys and data that identify which individual’s data was part of a file sold or disclosed to others. You would only need to safely store this file for 12 months.
  7. Another difficult CCPA requirement is to remove a non-consenting citizen’s data from data sold or disclosed to others. Without complete, detailed metadata this might be an overwhelming task. BigDataRevealed has processes and appropriate metadata available to satisfy such a request.
  8. An interactive Consent system allowing Citizens to file requests for data, removal of permissions to use their data and inquiries about the sale or disclosure of their data will streamline the process and dramatically reduce manual effort to process a citizen’s claim. Keep in mind the phrase used in the CCPA regulation that states upon receipt of a ‘verifiable Request’. We believe this means the citizen must prove who they are before you process their request. What information must be provided by the citizen and assessed by your staff in order to know if the request is valid. Don’t be deceived by an individual claiming they are someone they are not.
    1. A means to send or communicate their requests to a company
    2. Send and receive corresponding documents to one another
    3. Do this communication with secure Identification
    4. Change these requests and permissions by the Citizen at will
    5. Companies must be able to;
      1. Access these Citizens requests
      2. Act upon them or ask the Citizen for clarification and more information
  • Automate these processes the best they can to not make this a negative experience to the Citizen causing loss of Customers or increase in Complaints
  1. Ability to process and deliver to the Citizen the results and validation of their requests in the time allowed by the regulatory agency they filed under, GDPR 30 days, CCPA 45 days upon receiving a verifiable request, though the clock starts ticking upon receipt of request not the verification date.
  2. and so on.
  3. Indirect Identifiers which are the most difficult to understand and to process.
  4. First, all of the files and file types must be available in the same central Ecosystem of data and comprise all the data assets of a company.
  5. Files/rows/columns must be compared by common Direct identifiers such as email, SSN, Phone, Account Number or other identifying information.
  6. Then these files need to be grouped together by these matching Direct Identifiers.
  7. Then a secondary search of values must be conducted against the joined data.
  8. Any Direct identifiers or indirect Identifiers such as;
    1. A one in a million antique car or item
    2. A disease or illness, a city, a doctors name in the same record(s)
    3. Someone over 7 feet tall, or an identifying tattoo
    4. Any combinations of information that an average person could identify who a person may be, or reduce the number of possible individuals to a small group.

Complete Channel of Videos on BigDataRevealed

https://www.youtube.com/watch?v=3rLcQF5Wsgc&list=UU3F-qrvOIOwDj4ZKBMmoTWA

Steven 847-440-4439  steven@gdprcompliancymaster.com

#CCPA #GDPR #Big Data #Data Compliance #PII #Amazon #Microsoft #Facebook #Google #JPMorgan #AWS #Azure

ico10

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s