Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Looking Beyond GDPR Compliance Deadline

This new document explores how Accenture can help financial services firms use a holistic data-centric approach to compliance and to respond to the requirements and challenges to the General Data Protection Regulation. Learn more: https://accntu.re/2uq8ANV

Les commentaires sont fermés

  • Identifiez-vous pour voir les commentaires

  • Soyez le premier à aimer ceci

Looking Beyond GDPR Compliance Deadline

  1. 1. Looking beyond the compliance deadline to achieve sustainable position while driving strategic business outcomes LOOKING BEYOND GDPR
  2. 2. 2 LOOKING BEYOND GDPR Many organisations will be dealing with residual risks for the next 12-18 months Our experience indicates that information discovery has typically identified 30-50% more processes and applications requiring remediation than expected, which has impacted programme phasing. Changes are much broader and deeper than expected Deploying changes to technology landscape is taking longer than planned, and operating models require strengthening with more people and rigor to support business as usual operations. Operational scalability is a concern If the volume of Data Subject Requests is higher than predicted, organisations are expected to struggle to respond. Most organisations are unable to fully comply with 'right to erasure' requests Data is spread across the technology landscape and legacy applications don’t support deletion or anonymisation. Lack of full data lineage means that downstream impact of data deletion is not fully known. Unstructured data landscape is still widely unknown The extent of personal data exposure in unstructured data sources (e.g. Microsoft® SharePoint® and emails) has not been fully defined. Many organisations are yet to address such data sets. STATE OF THE INDUSTRY POST THE GO-LIVE TheGeneralDataProtectionRegulation(GDPR)cameintoeffect onMay25th,2018.Dealingwithresidualrisks,andembeddingthe rightprivacycultureanddatamanagementpracticesisexpectedto taketime.However,formanyorganisations,itisthestartofajourney tosustainablecompliance.GDPRalsopresentsanopportunityto transformdatagovernanceandinfrastructure,keyinestablishing customertrustandsupportingexpansionofdigitalservices.
  3. 3. LOOKING BEYOND GDPR 3 Remediation Assess and factor in the effects of data processing on individuals using structured Data Privacy Impact Assessment (DPIA) frameworks. Establish clear purpose for data processing to help manage the data lifecycle and clear data retention schedules that are implementable in downstream systems. Challenges Consider the data minimisation principle when designing big data analytics so as not to collect and store personal data that may not be necessary. Evaluate whether profiling could have any intrusive effects that could perpetuate negative consequences, especially in the context of product provisioning. RISE OF ‘DIGITAL RISK’ IN ENTERPRISE RISK MANAGEMENT Big data, artificial intelligence (AI) and machine learning are becoming part of business as usual for many organisations, creating enhanced business benefits and new customer insights. However, privacy by design and default principles must be embedded from the outset to protect the rights of the data subjects. Balancing the rights of the data subject vs. the legitimate interest of the data controller Fairness of Processing Data Minimisation Compliance Requirements New Technologies for Greater Efficiencies Purpose Limitation Automated Decisioning & Profiling Machine Learning & AI Big Data Analytics
  4. 4. † “A New Slice of PII, with a Side of Digital Trust, Accenture 2017. †† UK Financial Services Customer Survey 2018, Accenture 2018. Building a strong data privacy culture and demonstrating fair and transparent use of data is key to building and sustaining trust amongst customers, employees, and business partners and alliances. Robust data management is, in our view, also key to establishing customer trust, requiring the rationalisation of legacy infrastructure to dispose of data that is no longer required and for which there is no valid legal hold. Our experience indicates embedding privacy and security requires both a cultural change and proactive process, which can potentially help reduce and mitigate risks. Providing consumers greater transparency and control over their data is key to digital business expansion and new service offerings under the Payment Services Directive 2 (PSD2) and Open Banking. LOOKING BEYOND MAY 25 ROBUST DATA MANAGEMENT IS KEY TO DIGITAL EXPANSION Accenture’s research into consumer behaviour suggests data privacy and protection is not just about compliance and should be at the core of wider business strategy. 8OUT OF 10 consumers surveyed say trust is a key driver of brand loyalty.† ABOUT 2OUT OF 3 UK consumers surveyed would consider asking their financial services provider to delete personal data.†† 54% of UK banking consumers surveyed are willing to share their personal information with their bank in return for certain added benefits and more personalised, relevant services.†† 4OUT OF 10 consumers surveyed claim that their trust in a company increases when breaches are handled swiftly and correctly.† 4 LOOKING BEYOND GDPR
  5. 5. We believe investments in GDPR compliance could help drive strategic and operational benefits to unlock your data’s strategic value and deliver a better customer experience. BURDEN OPPORTUNITY STRATEGIC MARKET DIFFERENTIATION GDPRTHEMES Stricter consent Strengthen consent model/value exchange Increase opt-in and improve marketing spend VALUEOPPORTUNITIES Detailed records on data processing Enterprise-wide customer data mapping More efficient data operations New categories of personal data Treat digital shadow as customer data Opportunity to monetise data Stricter governance Improve privacy risk management Good regulatory relations Privacy by design Business cases with value/risk of customer data Improved RoI of new initiatives Accountability for 3rd party sharing Strengthen 3rd party data sharing strategy More value from data sharing Reduction in customer data held (data minimisation) Delete records outside of retention periods Help reduce cost and data noise Transparency and accountability Demonstrate transparency in data processing Trusted brand and expansion of digital services LOOKING BEYOND GDPR 5 COMPLIANCE BURDEN OR BUSINESS OPPORTUNITY?
  6. 6. 6 LOOKING BEYOND GDPR HOW ACCENTURE CAN HELP DATA-CENTRIC APPROACH TO COMPLIANCE Accenture has developed a holistic data-centric approach to compliance that helps reduce risks and improve customer trust. This is supported by a ‘GDPR in a box’ solution that has been developed based on our global GDPR implementation experience, and our strategic ecosystem with key vendors. DATA DISCOVERY & LINEAGE 2 COMBINED WITH OUR STRATEGIC ECOSYSTEM SOLUTIONS Single ecosystem orchestrator Accelerate compliance adequacy Easy integration with IT landscape ‘As a service’ option DATA PROCESSING ASSESSMENT 1 DATA SECURITY & BREACH DEFENSE 4 DATA DELETION 3
  7. 7. LOOKING BEYOND GDPR 7 1. DATA PROCESSING ASSESSMENT Objectives • Manage records of processing (RoP) activities • Perform data privacy impact assessments (DPIAs) to identify and manage privacy risks Key Features • Records of processing traceability and workflow • Correlation of data processing, applications and processes • Automated regulatory authority reporting • Data privacy impact assessment (DPIA) ‘engine’ 2. DATA DISCOVERY & LINEAGE Objectives • Systematically discover and classify structured and unstructured personal data • Use machine learning and AI techniques to improve the quality of discovery results and accelerate analysis Key Features • Simple interface for discovery rule creation • Information mapping to accelerate execution of individual rights (e.g. deletion/portability) • Plug & play platform integrating best in class solutions • Powerful data governance tool to address new security measures using a risk-based approach 3. DATA DELETION Objectives • Use a central, configurable orchestrator to perform data deletion • Integrate with a diverse applications landscape Key Features • Eligibility engine to define data deletion rules • Central orchestrator enabling configurable physical or logical deletion • Log mining to discover downstream data dependencies • Application decoupling logic for data deletion 4. DATA SECURITY & BREACH DEFENSE Objective • Provide data security solutions that help reduce risk of personal data breach Key Features • Plug & play integration of security solutions/controls • Cyber attack detection and enhanced security measures (Accenture Cyber Fusion Centre) • Security incident response solution for notifying breaches to authorities and affected parties (FusionX LLC Incident Response Services) • Identification of stolen personal data via open/dark web sources (iDefense® Security Intelligence Services)
  8. 8. CONTACT US Get in touch to find out more about data privacy and protection regulations, their impact on your organisation and how Accenture can help you move towards a sustainable compliance position while driving wider business outcomes. Chris Thompson Senior Managing Director Cyber Risk & Resilience Lead, Global Chris.e.Thompson@accenture.com Fabrizio Sarrocco Managing Director Accenture Finance & Risk Lead, EALA Fabrizio.Sarrocco@accenture.com Peter Beardshaw Managing Director Accenture Finance & Risk Lead, UKI Peter.Beardshaw@accenture.com Heather D. Adams Managing Director Cyber Risk & Resilience Lead, FS UKI Heather.D.Adams@accenture.com Umer Hamid Manager GDPR Offering Lead, FS UKI Umer.Hamid@accenture.com GET THE LATEST INSIGHTS FROM ACCENTURE FINANCE & RISK: On our blog: https://financeandriskblog.accenture.com On LinkedIn: https://www.linkedin.com/showcase/ accenture_fs_finance_&_risk On Twitter: https://twitter.com/AccentureFSRisk ABOUT ACCENTURE Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialised skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 449,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Its home page is www.accenture.com. DISCLAIMER This presentation is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments.  Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this document and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice.  Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals. 181129 Copyright © 2018 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.