Tiberiu CovaciFull stack tech lead, cloud architectin Canary Islands

With host Andrew BrustMarket Strategy Advisor, Io-TahoeCEO, Blue Badge Insights

GDPR: How European companies have moved towards compliance

For external use

Speaker bios

2

Tiberiu Covaci• Seasoned tech lead in EU markets• Microsoft Regional Director• Cloud architect

Andrew Brust• Covers Big Data and analytics for ZDNet• Strategy Advisor to Io-Tahoe• Data-focused tech career started in 1985

Level set: What is GDPR?

3

For external use

GDPR facts and responsibilities

Effective

May25th2018Penalty:

€20M/$23.5M

or 4% of the

company’s total

global revenue

Most important

change in data

privacy regs in 20

years

DiscoverDiscover and understand both metadata and ‘hidden’, undocumented data across the entire

enterprise

1

2

3

Secure Data governance, security protocols, encrypting/masking, threat protection, data prevention,

policy compliance

DisposeDelete information, identify/consolidate redundant systems, sunset systems

4

For external use

Entities and obligations

Data ControllerData Subject Data Processor Subprocessors

5

For external use

Officers, authorities and boards

6

Data Protection Officer

Employed by Data Controller

Reports into highest leadership level

Must report breaches within 72 hours

Country-level authority(ies)

May set data protection regulations over and

above GDPR

Data Protection Authorities(DPAs)

EU-level governing authority

Comprised of DPA heads

Ensures consistent application of GDPR

European Data Protection Board (EDPB)

For external use

How have European

companies approached GDPR

compliance?

For external use

Previous obligations = current readiness

8

Lax or no previous regulations

Previous regsat national level

Ready for compliance

For external use

Ambiguities

9

Law is general• Much left to interpretation• More specificity on non-compliance penalties than

compliance requirements

Self-assessment is key• And assurance from data processors…• …who may also be self-assessed

Dedication vs. “worry”Privacy by design?

Cloud vs. on-premises

10

For external use 11

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner Cool Vendor

Io-Tahoe named Cool Vendor in Data Management, 2017Published: 28 April 2017 ID: G00326775

2017

Thank you

12

This file is private and may contain confidential and proprietary information. If you have received this file in error, please notify us and remove it from your system, and note that you must not copy, distribute or take any action in reliance on it. Any unauthorized use or disclosure of the contents of this file is not permitted and may be unlawful. Io-Tahoe LLC, 111 Broadway, Suite 601, New York, NY 10006. www.io-tahoe.com

Io-Tahoe® is a registered trade mark of Centrica plc. © Io-Tahoe LLC 2018