Successful GDPR Audit and Compliance

Industry:
Hi Tech

Client Overview

The Client is an Ohio-based, innovative provider of equipment and services for data centers, with a portfolio of power, cooling and IT infrastructure solutions and services that extends from the cloud to the edge of the network. Headquartered in Columbus, Ohio, this company has twenty thousand employees and more than twenty five manufacturing and assembly facilities around the world. The company has regional headquarters around the world. The company is listed in the New York Stock Exchange (NYSE).

Project Scope

The scope of this project is to implement the PII Identification for structured and unstructured data across thier enterprise systems. In this GDPR Audit and assessment project over three thousand five hundred applications and databases are in scope to identify the PII data to complete GDPR assessment across all domains Like: HRIS, PLM, Field Services, Sales etc. across the globe. The identified sensitive data needs review and approval from the data citizens. The approved sensitive attributes need to be identified in the ChainSys metadata management application. The sensitive data need to be remediated by data masking to avoid data breaches and stay compliant. The data Governance procedures and policies need to be established for continuous PII monitoring and remediation.

Business Situation

GDPR is equivalent to a US Federal Law, and GDPR non-compliance can lead to fines of up to €20 million or 4% of annual global turnover. The Client is at the high risk of significant fines, data breach, brand reputation, and potential loss of customers if they do not mitigate the risk of adhering to GDPR compliance. The client needs to complete the PII data assessment in a short period of time and they faced the following major challenges. 

1. 3500 + Databases need to be scanned and identify the PI Data Categories.

2. Complex Business Rules. 

3. Scanning of Password Protected Files.

4.  Power-BI Integration to build the executive dashboards.


Technical Situation

The Technical Landscape at the client consists of 30+ heterogeneous applications and are integrated with a Big Data environment which consists of three Cloudera Hadoop clusters – Development, Production, and Disaster Recovery. The clusters are LDAP, Kerberos, and Sentry configured for authorization and access controls. Reporting is to be performed directly off the Production data lake only (via the Silver and/or Gold layers only) using standard reporting tools.

Solutions

Chain Sys deployed dataZense part of Smart Data Platform for scanning the 5000 databases to identify the 90+ PII data elements confirmed by the business.  The scanning process was completed in 6 weeks of time and the identified PII and non PII data results were shared with Business for their review and decision making.  

With the challenge of having different formats of spreadsheets to perform scanning it was difficult to have uniform format across and time-consuming activity. Scanning is made very simple, in such a way that the Excel file columns can be of any order and it is not necessary, the column order should be the same, across all the files.


Illustrations

Benefits

  • Customized easy User Interface Screen to show the data
  • Enhanced Business Rules specific to the Client.
  • Configured tool level feature to enable scanning for password protected file 
  • Reduced data maintenance costs by shutting down more than fifty unused databases
  • Helped the business to identify the gaps and put proper plans to mitigate the identified risks
  • Data Security is improved 
  • Lowers organization risk of exposure to fines and other penalties
  • Dashboards and Reports provided a quick view of an overall situation of PII Data for better decision making 

Personal Data Identification

Personal data are grouped into two different categories Critical and Confidential Data Elements or Categories.

  • Critical Data Elements/Categories

Critical data elements are those elements by which you can directly identify an individual/person such as their social security number, National Identifier, Visa Number, Passport Number, Employee Number etc.

  • Confidential Data Elements/Categories 

Confidential data elements are information which when combined with other personal data elements are able to identify individuals. E.g.: First name, Last Name, Date of Birth.

GDPR Business Rules

Personal data are identified based on the pre defined business rules and algorithms.

Dashboards

Following Dashboards shows the Count of Databases by Region , Count of Tables by Databases and Count of Columns by Databases. 



Products and Services Used

dataZense - To Visualize, Analyze, Catalog and Scramble Data for Effective Decision Making & Security.


Reference

No items found.