As we’ve been discussing on this blog for some time, the “wild west” days of data are numbered. The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. And that means all companies inside or outside the EU wanting to offer their products and services to clients located in Europe will need to clearly understand and answer questions like:
Both data controllers (legal entities such as a company) and data processors (e.g. a SaaS provider) are impacted. And it is not as much about protecting data as it is about protecting the rights of the data subjects – those whose data your organization is capturing.
The UK’s Information Commissioner’s Office (ICO) has provided a document with 12 steps on how to prepare for GDPR. While the ICO is the UK Data Privacy regulator, its advice is perfectly applicable to any company or institution that needs to achieve GDPR compliance and would like some guidance on where to start and what key areas to cover. Let’s look at each of the steps suggested by the ICO below, and explore why you need a data governance platform to effectively implement them.
What the ICO says: You should make sure that decision makers and key people in your organization are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
How Collibra can help
Any data governance program requires adjusting the existing business culture, and implementing GDPR is no exception. While raising awareness is part of internal communications and marketing, no amount of buzz will help if the business is not happy to adopt the new practices, and does so half-heartedly. A data governance platform like Collibra is business focused and facilitates easy adoption and collaboration. We bring the relevant information to the user, through our Collibra On-the-Go mobile app and Data Governance Everywhere Windows and Office integrations.
What the ICO says: You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
To address this step, you really need a data governance platform. And this is where Collibra shines. It provides a centralized inventory of personal data items across the business and technical data landscape, allowing users to find assets using full text or regular expression search.
Our user-friendly interface allows navigation of hierarchies starting with any item (including drill-down and roll-up). You can understand your data better by contextualising information and automatically linking your glossary terms to each other. For example, the words used in an asset’s definition may refer to other assets governed on the platform.
Using a single governance platform that sits on top of all your data silos ensures the latest version of the centralized inventory is displayed to everyone. This, together with an audit trail of all changes made, helps build trust in your metadata and drive adoption.
Our flexible out-of-the-box Operating Model allows capturing and classifying metadata information, Business Terms into Business Glossaries, Data Elements into Data Dictionaries and then into Data Sets, the Roles and Responsibilities around all of these, defining and tracking Data Sharing Agreements, Data Activities and Data Usages plus the Principles and Policies governing it all.
What the ICO says: You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
A data governance platform can assist you as you put these plans in place. When mapping out your data processes in Collibra, you can include the capturing of Privacy Notices, when they are sent, to what categories of customers, and any relevant consent applicable. You can track separate privacy notices for separate groups of data subjects, and understand what formulation is required for which data subject category or private data category. Collaboration workflows can be used to involve all the relevant parts of the business in order to understand and capture all the relevant steps taking place as part of these data processes.
A data governance platform deals with all your metadata. And the GDPR regulation, your privacy notices etc. are, in effect, simply that. Collibra has partners that have already built GDPR accelerators on top of our platform, to help companies speed up their GDPR implementation (for example, making the full GDPR regulation articles available as business objects to be linked to and contextualised from).
What the ICO says: You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
How Collibra can help:
Do you understand where data about individuals is stored across your various systems in the organization, and who touches it at each point from capturing to using it in a report? Our lineage diagrams can show you exactly that. The platform allows for searchable end-to-end traceability of personal data across the lifecycle, including process and technology architecture.
A properly implemented data governance solution can help you understand exactly what data you store about individuals and across which systems, making “right to be forgotten” and “subject access” requests a lot more manageable. This information can be easily exported to Excel, CSV, PDF or any of the commonly used data formats.
What the ICO says: You should look at the various types of data processing you carry out, identify your legal basis for carrying it out and document it.
How Collibra can help:
Does this item sound a bit like data governance? That’s because it is! And a data governance platform like Collibra gives you the capability to track enforcement and compliance across the organization, to document and link business rules to policies and data quality rules, to hold evidence of local compliance and provide an audit trail.
What the ICO says: You should review how you are seeking, obtaining and recording consent and whether you need to make any changes.
You should start thinking now about putting systems in place to verify individuals’ ages and to gather parental or guardian consent for the data processing activity.
These steps specifically address the importance of technology in GDPR compliance. Using our configurable Asset Model, you can define a taxonomy of Personal Data Categories, as well as a Consent Attribute, which can then be filtered/reported on as required. The consent type (Explicit, Implicit, Guardian consent, etc.) can be linked to each data category, and data categories will then be assigned to your data processing activities.
What the ICO says: You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
While the detection of a breach is an operational activity, once the issue has been detected and flagged, the issues and exceptions management process within Collibra provides an integrated alert mechanism to notify users of actions required (e.g. data disposal, workflow approval, data issue resolution, etc.). Using our lineage diagrams, relevant impact analysis can be performed to understand which data sets and data processes are affected by the breach of a particular system/interface. Mitigation steps can also be tracked directly in Collibra, such as requesting anonymisation, pseudonymisation or encryption of data sets, and searching or filtering by the respective flags to understand readiness and/or impact.
What the ICO says: You should familiarise yourself now with the guidance the ICO has produced on Privacy Impact Assessments and work out how and when to implement them in your organization.
As my colleague Shamma was explaining in a previous blog post, the Collibra platform enables all metadata to be linked and traced back to the systems, users, and related policies. Any new systems on-boarded will need to go through a GDPR compliance check and thereafter, companies should be ready to do a DPIA on their systems where the assessment should identify:
What the ICO says: You should designate a Data Protection Officer, if required, or someone to take responsibility for data protection compliance and assess where this role will sit within your organization’s structure and governance arrangements.
When you appoint a Data Protection Officer, he or she will need to keep track of their Data Register in a centralised fashion, with accountability and audit trails at the heart of the platform.
The Data Governance Center allows you to implement and track accountability using Roles and Responsibilities, Workflows and Views. You can capture Business Stewards, Data Owners, SMEs, and stakeholders. And you can rename out-of-the-box roles or configure new ones according to your needs. The DPO can configure their own dashboard, where they can view a list of change requests/workflow tasks by user or user group (e.g. data governance council), as well as track and configure data governance processes (for example data issue management, information access approval, proposal of new business terms, etc.).
The Data Governance Center also supports a notification mechanism for people that change roles or leave the organization, so that the necessary processes can be initiated. The same notification mechanism can be employed to notify business asset stakeholders of any change or impact.
What the ICO says: If your organization operates internationally, you should determine which data protection supervisory authority you come under. […] In case of uncertainty over which supervisory authority is the lead for your organization, it would be helpful for you to map out where your organization makes its most significant decisions about data processing.
Using the metadata assets tabular view functionality, you can expose the owners and location for each data process, aggregate and filter based on common attributes or relationships, thereby supporting your decision with regards to where the organization makes the most significant decisions on data processing.
So this concludes our review of the ICO’s 12 steps to prepare for GDPR compliance. My aim when writing this blog was to bring the GDPR to life. To make what may seem like an abstract, distant requirement a bit more concrete. Most companies impacted by GDPR are, by now, aware of the deadline and the urgency involved. If you think you will need a company-wide collaborative effort to succeed in implementing the regulation, you are correct. If you are in the process of kicking off a GDPR compliance/data governance program, now is the right time. Remember the key requirements: you must be able to find, understand and trust your data.
And if you already have a data governance initiative with the right tools in place, and you understand the GDPR is applied data governance, then congratulations, you are ahead of the game!
Tudor is a Collibra Pre-Sales Engineer based in London, UK. With an IT background and a degree in Computer Science, Tudor has spent the past 12 years gradually moving from IT-focused roles like software implementation and integration towards more business-focused roles like business analysis and management consulting. The one constant throughout was that he enjoyed helping institutions bridge the understanding gap between Business and IT. As a Management Consultant, Tudor was fortunate to work in several large Business Transformation programmes, across the Telecommunications and Energy industries, experiencing first hand the change management challenges around process, organisation, data, applications and technology. When done right, Data Governance can be the answer to most of these challenges. Since joining Collibra, Tudor has focused on the GDPR and other regulatory applications of Data Governance.