As you can imagine, GDPR is a hot topic with nearly every customer and prospect I talk to these days. And with the deadline for compliance less than a year away, it is no surprise that GDPR is being prioritized. In these discussions, there are a number of recurring questions on how to approach the regulation and set up a GDPR program. In this blog, I will discuss the most prominent questions and provide some practical guidelines on how to approach each concern.
When defining your GDPR architecture, it is key to start with the basics and determine how you intend to implement the regulation within your organization. As you might have read in one of my previous blogs, there are two main approaches to building your data governance foundation for GDPR: the top-down and the bottom-up approach. They are not mutually exclusive, and in an ideal scenario, both are applied together. All too often, I see organizations focus on the bottom-up approach, which is very technical in nature. It implies collecting all the existing metadata available and using discovery tools to further ‘find’ data elements that can be classified as individual data and hence are in scope of the regulation. By nature of the regulation, the discovery must also cover non-structured data (think e-mails and PDF documents) along with the more standard structured data, which makes the entire task of discovering and cataloging tremendous.
I suggest starting with the top-down approach, which is more business oriented and requires the business owners to define the data processes used within their business units. Creating this data process registry is a big task, but this approach will ensure that you define business ownership, which is key to your ongoing success in complying with the GDPR regulation. Once you have established your business view of the data activities and fully contextualized this within the regulation, you can then look to extend this by establishing the link between your data activity register and the actual data elements residing in your technical architecture.
Don’t be fooled. Linking your technical metadata to the GDPR is a huge task and is only part of the solution. A sensible approach here in the short term can be to use a registry of authoritative sources, i.e., rather than going to the physical level of data, you can use your logical data models. You can then link your data activities to the elements in your model and ensure that this is fully contextualized according to the regulation requirements.
There are different ways to start building your data activity registry as per the requirements specified in Article 30. I often see organizations start the process in Excel and then quickly realize this is more than a list. It will require governance and processes, and this is where data governance first comes into the picture. Using the Collibra data governance platform and its out-of-the-box GDPR use case, you can kick-start your implementation. The accelerator will provide the underlying structure in the form of the asset metamodel, workflows, and dashboards that will support the governance of your registry. The Collibra data governance platform is designed for business users and has a strong focus on collaboration. These are key elements in your GDPR program to ensure your business units do not work in silos.
GDPR is a wide-reaching regulation for any organization impacted and will require stakeholders from many different areas:
The key message here is that you cannot implement GDPR in silos: all the stakeholders must be involved, take ownership and work in collaboration. This holds for the initial program but also for the ongoing BAU.
As the different regulators have pointed out, in order to be compliant with the GDPR regulation, organizations will need the ability to prove their compliance. Think of this in terms of self-audit:
How do you prove to the regulator that you have a process in place for each of these areas? Here is how Collibra can support you by visually representing many aspects of the regulation:
High level data activity process flow in Collibra:
Detailed data activity flow in Collibra:
Impact analysis in Collibra:
It is critical to establish a thorough change management process around your GDPR landscape. Establishing compliance for May 2018 is the first step in an on-going journey. It is by far not the end of it. Privacy by design is a critical part of the on-going process and requires that any change in your landscape has an early checkpoint with your GDPR program to ensure you remain compliant with your local regulator. Where needed, this change management should also include the Data Protection Impact Assessments which are required for data activities deemed at high risk.
I recently did an interview for Disruptive Tech TV and was asked by the interviewer whether organizations see benefits in implementing GDPR. This is a very relevant question, as organizations that see the benefit of GDPR, aside from avoiding fines and reputational risk, will surely have a higher commitment to the success of the program.
There is no doubt in the market today that avoiding the fines associated with the GDPR regulation is initially the main driver forcing organizations to comply. However, if you can look beyond the regulation as a burden, there are tremendous benefits your organization will achieve by implementing its principles. GDPR is forcing organizations to take a critical look at their data governance and ensure they ‘clean up the house’. There are tremendous amounts of data being collected today and data is becoming a true asset in its own right – companies that thrive in the new digital world will be those that have succeeded in establishing control of this new asset. By implementing principles such as privacy by design, companies are ensuring that they are only collecting relevant data and know beforehand the reasons for this data collection – this alone will ensure a large amount of data storage and processes can be eliminated and hence lead to significant cost reduction.
Above all, as an organization you are now the custodian of the individual’s data. You do not own it and therefore you are fully accountable for that data, and its accuracy and security, towards the true owner – the individual.
Olivier has over 15 years of experience implementing global Risk and Regulatory solutions within the Financial Services sector. Having experienced the rising need for data governance hands on, he now brings his knowledge and expertise to help companies achieve the highest returns on data governance initiatives.