Gain full visibility across your data landscape, find meaning in your data and improve the quality of business decisions.
Discover and download solutions and pre-built integrations for the Collibra Platform.
Get unparalleled value through the combined expertise and unique strengths of our people and technology.
See how security plays a key role in everything from how we build and deliver our platform to how we hire and train employees.
Collibra Privacy & Risk
Discover and understand data that matters so you can generate impactful insights that drive business value.
Understand your ever-growing amount of data in a way that scales with growth and change.
Show how data sets are built, aggregated, sourced and used, providing complete, end-to-end lineage visualization.
Build customer trust by operationalizing privacy policies and scaling compliance across new regulations.
Modernize your operations with a solution that is scalable, accessible and resilient: data in the cloud.
Drive digital growth and customer engagement by breaking down data silos and adding value to customer interactions.
Fuel your self-services analytics with the right data to develop unique business insights.
Innovate for the future while successfully navigating the complex web of regulations.
Transform decision making in the public sector with secure Data Intelligence that is FedRAMP Authorized.
Cloud ready data
Government and public sector
Tap into our knowledge base by connecting, sharing and learning from your peers in our Data Citizens community.
See how Collibra is helping global organizations unlock the value of their data.
Find the resources you need to accelerate time to value and fuel your growth.
Learn from the leaders in Data Intelligence through our individual courses, learning paths, and certification programs.
Data Citizens '20
Take your data strategy to the next level by arming yourself with the knowledge you need to achieve Data Intelligence.
Get advice, tips and tricks from our product experts and industry thought leaders to learn how to make your data meaningful.
Join the world’s largest virtual gathering of professionals focused on empowering businesses to deliver on strategic goals through Data Intelligence.
Check our upcoming events calendar to discover exciting opportunities to learn from our product and industry experts.
Connect the right data, insights, algorithms and people to optimize processes, increase efficiency and drive innovation.
Read our latest announcements, news coverage and thought leadership articles.
Find an opportunity to challenge and be challenged, and work with some of the most talented people in the business.
Get in touch with a member of our global team by locating an office near you, calling us or sending an email.
The implementation of the General Data Protection Regulation (GDPR) is intrinsically linked to a company’s data governance program. Numerous articles have linked to the two initiatives, but none so clearly as Dennis Slattery’s recent article on LinkedIn. The analogy of a wedding between Governance and Privacy is very fitting but also highlights a key factor: a successful long-term marriage is based on strong foundations and mutual effort or as Henry Ford put it: “Coming together is a beginning; keeping together is progress; working together is success.” So how do we make this a successful marriage?
The GDPR regulation is very clear on what needs to be done to protect the Data Citizen’s rights, but the open question most companies are facing is how to comply with the regulation and/or go beyond the minimum and make GDPR work for them.
Most discussions around how to implement GDPR today are focused on one of two approaches: top down or bottom up. I would argue that the approaches are not mutually exclusive and that a successful implementation of GDPR must be based on a combination of these complementary approaches.
In a top down approach, the GDPR team will reach out to the business to get a clear understanding of all business (data) processes that involve personal data in one way or another. For each process (think of third party credit checks, address verification, data analytics, and more) there are a number of attributes that need be clarified such as:
This is not a one-time effort: once all process related to personal data are identified and categorized, they will need to be maintained as the organization, its infrastructure and processes evolve over time.
The bottom up approach is more technical in nature. Companies that have already established metadata management tools can use these solutions to identify personally identifiable information (PII) and attempt to categorize these data elements and assign the relevant attributes for GDPR. This approach quickly hits a bottleneck as the same data can be used for several business purposes and hence cannot be easily classified for GDPR.
The successful GDPR implementation will combine or marry (to stick with Dennis’ analogy) the two approaches.
The first phase is for the GDPR team to analyze the data processes involving PII together with the business and subsequently catalog and maintain these processes within the data governance platform.
In a second phase, load the metadata into your data governance platform and identify the data elements relevant for GDPR. Once the data processes and the data element are identified and governed, you can link them together and easily trace which data elements are used in which business (data) process.
Identifying and categorizing the data processes and elements involving personal data is not the end game: it’s only the beginning of your GDPR journey. The regulation requires companies to implement a risk based approach to the process. What does that mean in practice? You will need risk metrics for both the business processes and the data elements in order to identify where your higher risk of breaches are. For higher risk processes a Data Protection Impact Assessment will have to be carried out. Where the risk of a breach is high, a risk based approach requires some form of mitigation in order to lower the risk exposure. Mitigation can come in several ways, two of the most effective mitigants on the technology side are pseudonymization and anonymization.
All of the above (data processes, data elements, attributes, risk metrics, mitigations, and more) will have to be governed and must be auditable at any point in time by the regulators.
To achieve long-term happiness in this wedding, invest in the right solution today. Collibra delivers a best-in-class data governance solution that supports GDPR. Or as Henry Ford eloquently wrote: “working together is success.”
Olivier has over 15 years of experience implementing global Risk and Regulatory solutions within the Financial Services sector. Having experienced the rising need for data governance hands on, he now brings his knowledge and expertise to help companies achieve the highest returns on data governance initiatives.
© 2020 Collibra. All Rights Reserved.
A message to our Collibra community on COVID-19. Read more from our CEO.