Do you want to be part of our CDO ecosystem?

,

IRM UK CDO Executive Forum, 22 November 2017, London

Taking place at the Enterprise Data Conference and BI & Analytics Conference Europe, 20-23 November 2017, London

Moderated by Jan Henderyckx, a highly rated consultant, speaker and author who has been active in the field of Information Management and Relational Database Management since 1986. Jan’s experiences, combined with information architecture and management expertise, have enabled him to help many organisations to optimise the business value of their information assets.

Some of the organisations that attended previous CDO Forums’ include:  Barclays, BBC, BG Group, BT, BUPA, Contactlab, ČSOB Pojišťovna, Fidelity International, GE Capital, Lloyds, National Trust, Natiowide Building Society, Nordea Bank, Premier Farnell, Prudential, Rolls-Royce, RSPCA, Santander, Shell, Southern Water, Statoil, Talenom, The British Army, Visa Europe, XL Catlin

For the fifth time IRM UK is hosting a CDO Executive Forum. Over the last two years we have formed a great group that collectively shares ideas that help define the CDO role and set direction on the effective embedding of CDO’s into an organisation. We will be presenting the key findings and proposals of our previous meetings during a session at the conference on Tuesday.

Given that most participants are seasoned CDO’s or have relevant experience on the subject we have an ideal setting for going to a level that really helps you deliver value as a CDO. This your chance to become part of this community of CDO’s and share your knowledge and insight to collaboratively advance the best practices.

During the November Forum we want to further focus on the value delivery, architectural patterns and collaboration model with the other “Data Roles” If you would like to address other topics there is certainly room for other items to be discussed.

Jan Henderyckx will introduce the following topics:

  • “Bi-modal, Four-modal, innovation,” … what’s the best value delivery model?
  • What are the responsibilities of the CDO? First line for all things data?
  • Architectural patterns for data value creation, do we need blockchain and AI?

This is your chance to discuss these issues with you peer group. Places are limited to 20 so please apply for your complimentary place as soon as possible by e-mailing Jeremy.hall@irmuk.co.uk

Accelerate your GDPR compliance project

, ,

How the GDPR Accelerator from Inpuls and Orchestra Networks supports sustainable GDPR compliance?

Jan Maarten Willems, Managing Partner, Inpuls, and Léa Doré, Pre-Sales Consultant, Orchestra Networks, discuss the European Union’s General Data Protection Regulation (GDPR), and deliver a demonstration of the new GDPR Accelerator from Inpuls and Orchestra Networks.

In this session you’ll learn more about the upcoming European Union regulation, how the regulation requires better information management, and see how the GDPR Accelerator can help your organization comply.

Stacks Image 434252
To learn more about our GDPR Accelerator, please contact us @ sales@inpuls.eu

Are you ready for GDPR?

Are you ready for GDPR?

214Days 21Hours 00Minutes 39Seconds

We can help you being compliant when the counter goes to zero.

DAMA International issues 2015 annual call for DAMA Award nominations

— Most prestigious recognition for data management achievements

SEATTLE, WA – DAMA International today issued its annual call for nominations for its internationally recognized Awards for excellence in the field of Data Management.

“These awards recognize substantive contributions to the data management practice and community,” said Sue Geuens, President of DAMA International.
Over the years, DAMA International awards have recognized breakthrough data management thinking, specific educational contributions, and advances to the practice. Past winners include John Zachman, Karen Lopez, Anne Marie Smith, Robert Seiner, Peter Aiken, Dr. Gordon Everest, David Marco, Steve Hoberman and many others.

Nominations may be made by visiting the website: http://bit.ly/1FHavAs.

The deadline for submission is only seven weeks away on December 4, 2015. Act Now!

Inpuls Lauches Video channel: the Pulse

,

Youtube
We are constantly looking for new and effective ways to connect with you.
As we consider information to be the pulse of your organisation, we thought it would be a good idea to have a video channel that reminds people of that.

Hence the launch of Inpuls’ Youtube channelthe information pulse

 

We want to be a data driven company

, , , , ,

You could have been on retreat on a mountain, cut-off from all communication for the last four years, but that would be about the only excuse I can think of for you not knowing the new mantra: “data is the next hot thing”.
Most likely, your management wants to get into “the BIG data“ space wants to hire a bunch of data scientist. Failing to do so would create such a BIG (capitalisation intended) competitive disadvantage we would all be out of a job pretty soon.
So what are you waiting for to wheel an elephant into the IT-room?

Is that really the first thing to do in order to achieve quickly a competitive advantage?
Any rom-com screenwriter may tell you that the pretty girl has always been under your nose, but you simply didn’t notice her until the end of the movie.In reality there is a huge untapped potential in many companies to get better insights and improve operational efficiency without bringing in exotic datasets or going into the uncharted waters of data lakes.

Being data driven is in the first place a mindset, and not a box of tools.

Obviously the new capabilities will allow you to push the envelope, but you would be surprised how much you can get out of your current envelope without having to push it too hard.

A simple approach would be to look at it from two angles:
what processes are not capturing transactional data, and
what transactional data is not being linked to a process?

In many cases there is far more available than what is being analysed. The bottles of water that are already available on your companies table, but remaining unopened, could prove to be more valuable in the short term, than having to run to a lake to stop your data thrust.

You only need to ask: “what data will bring me closer to reaching my targets?
Having an eCommerce site, but not acting upon dropped baskets? Making a next best offer has a high probability to turn into a sale. For sure, a quick route to an increased net profit.

There are plenty of similar examples that will help you reach your objectives and they might be closer than you would think.
So who has been under your nose, but has remained unnoticed till now?

Want to get started and get tangible benefits tomorrow? Engage us for a quick scan

Four-loons

Data privacy & protection as a service?

, , , , ,

In our last article we provided an overview of the upcoming strict EU directive on data privacy & data protection and how companies will be affected.

Companies dealing with EU citizen data will need to deal with different types of requests, both from EU citizens as well as from local authorities.

In certain industries, in case of a data breach or when a company is under suspicion by the public or authorities, these requests can mount to very large numbers and often they’re not easy to respond to and very time-consuming.

Seen the potential width and scale of these requests it’s worth wile to already now consider a service offering as part of the path to compliance.

The ability to ensure privacy & protection of person data is becoming

a crucial differentiator for companies and their customers.

The following describes some of the requests a company might get as part of the new EU directive on data privacy & data protection and how a service approach can provide a sustainable solution**:

Who has to deal with these requests?

  • Any company handling EU citizen data of over 5000 unique EU natural persons (per year), any public authority from within the EU, any company that’s monitoring EU natural person data as it’s core business or any company that’s processing sensitive personal data (children’s data, location, health records,…).
  • – In most large companies the Data Protection Officer (DPO) will/should be in charge, and most of the time his/her office will be the ultimate responsible for the request handling.

 

What type of requests can companies get?

  • Different formats:
    • Paper requests
    • Electronic requests – these must be answered in an electronic form and format, comprehensible for the requester.
  • Requests of a natural person…:*
    • to obtain a copy of all his/her personal data and/or all data that allows the company to identify him/her as a person.
    • for rectification of bad quality personal data (e.g. a duplicates, wrong spelling, wrong address, … ) or of personal data in doubt. Bad quality data or data in doubt can prevent a company from using that personal data until proven otherwise.
    • for the deletion (hard) of personal data.
    • to get insights into the usage of his personal data (e.g.: in marketing campaigns, for profiling activities, …).
    • to provide information about a data breach involving his/her data.
    • to upload his/her personal information obtained from another company (e.g.: call behaviour or transaction history when converting from one telco or bank to another).
    • …
  • Requests from local authorities:
    • about number of requests from natural persons and the ability to handle them within 1 (max 2) months,
    • requesting cause, impact, communication & remediation of a data breach.
    • …
  • … upon a data breach, an entirely separated (service) process should be initiated. This can be compared to a typical incident process with high priority incident handling requiring max attention & emergency procedures.

 

What do you mean “It’s about more than stored data”?

  • Besides the actual data, a company will also need to track & be able to provide proof of the use of personal data (use of archived data, use of data for (advanced) analytics & data mining, rectifications of bad quality data…).
  • Furthermore, it’s not just about structured personal data, but also about unstructured personal data (documents, pictures, video’s, e-mails…).

 

How to avoid assigning a massive workforce to data privacy & protection?

  • Especially for large companies the advice is to start now (or at least beginning of 2015) with an analysis and a data governance exercise on what personal data means for your company & it’s use, ownership, policies etc.
  • You don’t want to go out and fetch all personal data captured in internal (and sometimes external) systems upon each request. A master, which automatically collects all personal data (where all sources are federated) can be a single point of truth upon request, allowing for easy and up-to-date request handling.
  • This (MDM) master should not only collect the “personal data”, but also track it’s source(s), consumers, rectification logs,… & should also allow for monitoring & delete-initiation.
  • Your front end should be more than a call center or mailbox, it should preferably contain a service layer with predefined service request templates and automated request handling:

More details about the use of MDM, a front-end service layer, data governance & other information mgt. capabilities facilitating compliance will be provided in the December SAI session in Belgium.

 

Data protection and privacy as a service?

  • Ultimately, a lot of companies will face a tipping point where manual request handling is to be replaced with service enablement of requests.
  • Companies with a transparant & lean solution landscape, business processes driven way of working and a high maturity in information management have an easier task in the discovery of the ‘personal data’ information lifecycle and therefore their tipping point is higher.
  • Although a high tipping point will give companies an advantage in terms of speed of compliance, we still see a great deal of companies that will need to apply or gear up a number of fundamental information mgt. capabilities (Data Governance, Master Data Management, Data Quality, Data Security,…) to obtain sustainable compliance and avoid high operational costs & fines (100 MIO euro or up to 5% of global turnover).

Tipping point data privacy requests

More details about the use of MDM, a front-end service layer, data governance & other information mgt. capabilities facilitating compliance will be provided in the December SAI session in Belgium.

 

 

* exceptions to deletion and handling exist (e.g.: in healthcare).

** material is based upon the current draft guidelines, which are close to final approval (expected end 2014 or beginning of 2015).

 

Questions: contact Inpuls.eu @ info@inpuls.eu or +32 3 443 17 43

EU directive around data privacy and protection: impact on your company and timing.

,

Why this article?

The new EU data privacy and data protection directive might still seem like a distant compliance topic for the vast majority of companies. In this set of blog posts though, we ask ourselves if the ~2,5 year timeframe (estimated due date: end 2016) is indeed a long time for implementing and complying with this directive or if we should be vigilant in our approach and start looking into this already now? A recent call with a Gartner resource confirmed our hunch that mature companies (in information management) are putting this new directive high on their agenda already now.

What?

The directive concerns the processing, maintenance, storage, distribution and erasure of personal data by all enterprises that are involved with personal data of natural persons residing within the European Union. Personal data applies to any information relating to a data subject (natural person) both structured as well as unstructured data held in electronic & manual format. The directive also focusses on security and in particular on Personal data breaches. These Personal data breaches include accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.

When?

The directive was already put up for vote at the EU parliament earlier this year and is expected to be signed by the member state ministers by the end of 2014 or beginning of 2015. It’s one of the top tech priorities for the current Italian EU Presidency as well as for the new EU commission president Mr. JC Juncker. Upon final approval, we estimate a default 2 year period to allow for companies & governmental bodies to prepare & comply.

Impact:

In this first article we will cover a high level overview the big impact area’s (MDM, Integration, BI, Organization, Communication,…) . Each main impact area will be detailed afterwards in a set of dedicated articles. (We will not necessarily cover all impact areas, nor will we refrain from specific details in the directive.  Furthermore we will not cover all potential exceptions as mentioned in the directive.) We will not necessarily cover all impact areas, nor will we refrain from specific details in the directive. Furthermore we will not cover all (potential) exceptions as mentioned in the directive. The goal is to provide a high level overview of the impact.

Org. impacts:

Besides the mandatory assignment of one or more Data Protection Officers, it’s clear that these people (in most cases) will not work alone. Coping with handling requests, internal audits, support in projects etc. will require a full team. The DPO and their staff will closely collaborate (from the start) with several other (Corporate) functions like: Legal office, Security office, Project office, (Enterprise and Solution architecture), Solution portfolio office, data governance & analytics organization and the BPM office & organization. Furthermore, in case of a data breach an on-call (and ready to act) support team must be able to respond to the authorities within 24 hrs. and to data subjects without delay. Standards, policies and procedures should be setup to accommodate for this.

Requesting data, updates & erasure:

A request process is to be put in place, with efficient request handling. Requests can be about the creation, update or deletion of personal data. Handling large volumes of data and large amounts of requests indicates the potential need of a data services approach (e.g. ESB enabled) and (potentially) a request reply mechanism, especially if we know that automatically processed data must be provided to the data subject in an electronic form, easily accessible & readable by the natural person. The use of data services (e.g. ESB enabled) can also be a good approach to keep track of sources & consumers of data. Tracking relevant integrations of personal data can facilitate the required proof with regards to the correct deletion & removal of data for both internally consumed data as well as data that was shared with 3th parties (right to erasure).

Data, documents and communications about natural person’s data:

The master data and documents, related to natural persons privacy & protection (e.g. proof of consent, age, language, consumers of the personal data, data categories,..) will be extended which means that a wide variety of new attributes & documents must be stored in a master and an enterprise content management solution (ECM). Besides a set of extra attributes and documents, certain data like race, ethnics, health etc. can no longer be kept (besides some exceptions). When communicating about these documents, the directive distinguishes between children and adults – both in giving consent as well as in actual communication about personal data requests, updates or deletes. Furthermore, operational paper and electronic documents like contracts, invoices, sales orders, etc. containing personal data should also be traceable, which means that they have to be (scanned & ) moved into an ECM solution as well.

Data quality

The better the data quality & accuracy, the fewer requests an organization will receive for rectification & completion of personal data records. High data quality & accuracy therefore directly lowers effort & costs. Furthermore, a data subject which is in doubt of the accuracy of his personal data can content the use of his personal data which directly impacts the ability to process the data. High data quality & accuracy therefore directly impacts the processing of personal data.

Profiling

Not only can a natural person object against profiling activities with his/her personal data, the controller also has to keep logs about actual profiling & measurement activities. This affects not only the (relatively small) domain of profiling, but also the full scope of IM in the company. After all, MDM, BI & advanced analytics all depend on some sort of profiling or data mining from time to time.

MDM:

The MDM solutions can and should play a key role in the implementation and maintenance of this directive. After all, data quality can be obtained at the source, and the better the accuracy is at the source (and their consumers) the higher the chance of being compliant. MDM, ECM & other source solutions will be considered (together with Integration) as the watch-towers of personal data, increasing the role and importance of these systems.

Operational compliance:

A company should be able to demonstrate the effectiveness of the operation of controls and governance, which encompasses e.g.: DQ metrics, measures of training and staff knowledge/awareness (part of DG),… This means a set of controls must be setup & maintained & integrated with operational processes.

Exceptions:

Exceptions will be handled as well, where we look into exceptions for health-care & patient’s health risks, as well as investigations and use of personal data for criminal investigations etc.

Data storage, architecture and design:

The minimal storage of personal data, combined with a predetermined architectural design, imposing minimal usage of personal data is not to be taken light. Especially for companies with existing reference architecture, some adaptations might be required. Architectural impacts should be considered not only during the next 2,5 years, but should already be imposed to any new service, project or architectural design. In a subsequent post we will include a high level roadmap, showing that (especially for mid-sized & large companies), the journey around this new directive has to start now (with Master Data Governance).

The Reference Data Digest

, , ,

Reference Data Digest.

Is a monthly newsletter that brings you details of recent changes to commonly managed reference data tables. This way data managers have a resource that relieves them of the need to monitor the external code tables for changes.

Reference Data Digest