With the deadline for GDPR compliance rapidly approaching, many organizations are facing a number of GDPR questions. In this post, we’ll answer 8 common GDPR questions that we hear from customers and prospects.
1. What is GDPR and why should we care?
GDPR, officially the General Data Protection Regulation 2016/679, will come into force on May 25, 2018. This means we have about 15 months to comply with it. Everyone is now working to put their regulations in place and make sure they follow through, including by installing tools that allow metadata and information to be linked back to policies, trusted sources of data, data usage, sharing agreements, and more.
The primary difference between the GDPR and the prior data protection laws is the timing. As we enter the fourth industrial revolution, the digital age in which data is the new oil, a company working with – or within – the EU region will need to comply. Before the rise of Facebook, the Internet, and Google, customer data privacy and protection did not cover such digital assets. Now the new GDPR regulations have an expansive scope.
2. With BREXIT in sight, will I still need to comply?
The simple answer is YES. According to this C Suite article, the UK government has agreed to comply with the EU GDPR regulation notwithstanding the UK’s decision to leave the EU.
Any business that enters and processes the personal data of EU citizens, or monitors their online and offline usage and behavior knowingly or unknowingly, or that may have any staff operating in the EU region, will have to comply with the GDPR. The scope of GDPR actually reaches even beyond the borders. So even if you are facing BREXIT and will eventually need to work with any EU-zone company, you will need to take GDPR compliance into account.
3. What are my obligations?
GDPR applies to all EU citizens and widens the definition of “personal data.” Businesses will need to define the scope of IT implementations in this case. Any data that can be used to identify a person now falls under personal data. This includes data items like “genes,” “prior health records,” “economic and financial information,” “social and online information,” and more.
4. What roles should I hire?
The Data Protection Officer is a mandatory appointment and position for all companies that collect EU user-related personal information, along with other roles. This role will be appointed when a company has “regular and systematic monitoring of data subjects on a large scale” or has some activity of “processing on a large scale of special categories of data.” It’s important to consider this requirement as part of your new organizational structure going forward. Assigning roles and responsibilities so that someone is accountable for your existing GDPR data is key. Be ready for changes in your organization (see below).
5. What can I do to re-assess my internal policies and landscape?
Review your PII and privacy policies at regular intervals. This can be an initiative from the data protection office or from the CDO directly. Start documenting things like how your policies cover the handling of data in situations such as death or a request for deletion. In addition, you should start initiatives to put systems in place to verify individuals’ ages and to gather parental or guardian consent for the data processing activity. For example, data sharing agreements are inherent to Collibra and can be put in place to assess the process of accessing and sharing data. Documenting these internal changes, and assessing that the right data is stored, documented, and shared in a way that adheres to compliance requirements, is crucial in this case. GDPR has a lot to do with not only putting the right systems in place for privacy, but also the documentation and capture of these data processes. Your data controllers must be able to demonstrate that users have given you their consent for their data.
6. Are my tools compliant?
The answer might be no. For example, think about Dropbox. Even though it is a US company, more than 70% of its users come from outside the US. The tools you are using to store and process data will also need to comply with the GDPR. Processing and maintaining this data, and validating the data lifecycle through these systems of use, systems of record, and systems of process, requires extensive governance.
7. How can I be ready for changes?
In December 2016, a draft of the new European ePrivacy rules was leaked. It contained a number of interesting insights into the ways the EU will regulate privacy in electronic networks, which will complement and supplement the GDPR. The EU or any other country may enforce local and international or regional compliance at any point in time. It is important to maintain the history of these changes in how user data is stored, handled, transferred, or processed in a centrally accessible platform. This is where the Collibra platform comes into play. With its dedicated Policy Manager and Data Helpdesk capabilities, users can maintain changes and raise concerns when data or metadata governance indicates that GDPR compliance has failed in certain records or systems.
8. What about Privacy Impact Assessment (PIA)?
GDPR requires companies to do a privacy impact assessment for the information they collect. This also requires a platform like Collibra where all metadata can be linked back and traced back to the systems, users, and related policies. Any new systems on-boarded will need to go through a GDPR compliance check and thereafter, companies should be ready to do a PIA on their systems where the assessment should identify:
It is essential to start planning your approach to GDPR compliance as early as you can and to gain ‘buy in’ from key people in your organization. You may need, for example, to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. In a large or complex business, this could have significant budgetary, IT, personnel, governance, and communications implications.
There is no escaping GDPR if you truly want to be a data-driven organization. It is essential to get answers to your GDPR questions and start planning your approach to GDPR compliance in order to avoid fines and get the right buy-ins from your stakeholders.
The deadline is rapidly approaching. Don’t wait to plan your approach to GDPR compliance.