So You Think GDPR Doesn’t - Graphic Imaging...2019/03/01 · • Creating searchable knowledge...

So You Think GDPR Doesn’t

Impact You? Think again!

© Bob Larrivee Consultancy 2018

Presented by:

Bob Larrivee

President/Founder

Bob Larrivee Consultancy

[email protected]

www.boblarriveeconsulting.com

Twitter: @BobLarrivee

http://www.google.co.uk/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCMvN3Pve-McCFcrXGgodrK8OXA&url=http://www.reed.co.uk/jobs/iron-mountain/p4535&psig=AFQjCNFJufMFNrJv6yueh8XeM_d1-q_fuw&ust=1442396265820042

http://www.google.co.uk/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRxqFQoTCMvN3Pve-McCFcrXGgodrK8OXA&url=http://www.reed.co.uk/jobs/iron-mountain/p4535&psig=AFQjCNFJufMFNrJv6yueh8XeM_d1-q_fuw&ust=1442396265820042

mailto:[email protected]

What is GDPR?

©Bob Larrivee Consultancy 2018

GDPR In A Nutshell


• More rigorous data security measures to protect the confidentiality,

integrity and availability of personal information, including provision for

technical measures such as encryption.

• A higher bar for obtaining consent, which must be in the form of

a clear affirmative action.

• New breach notification provisions with considerably more teeth

• The need to offer a choice by which data subjects may opt out

• The ability for the data subject to access, correct and delete any

inaccurate information, including a “right to be forgotten.

• New governance over data and data processes, including

specific appointments of a Chief Privacy Officer (CPO)

Many More


The Nevada Open Meeting Law • Give at least 3 days’ advance notice to the public of a meeting, with

the time and place of the meeting and an agenda

• Allow public comment, either at the beginning and the end of the

meeting, or after each agenda item on which action may be taken but

before such action is taken

• Provide copies of materials.

• Minutes of public meetings must be kept and are public records.

The California Consumer Privacy Act of 2018

• Fundamentally based on the GDPR

• Many overlapping requirements

• Most stringent regulation in the US

• Many more States considering similar regulations

• Potential future Federal regulation

Businesses Can’t See The Forrest Through The Trees


Businesses Need A More Holistic View


It Is What’s Driving Information Governance?


• Compliance and Data Loss

• Increase in Data Related

Incidents

• Poor Email Governance

• Managing Paper Records

Compliance and Data Loss


• Compliance (61%) and preventing data

losses (51%) are biggest drivers.

• Creating searchable knowledge (48%).

• Reducing storage via defensible deletion

(35%) .

Source: AIIM Industry Watch

Data Related Incidents


• 51% have had a data-related incident.

• 16% suffered a data breach, half from

external hacking and half from staff.

• Staff negligence or bad practice is most

likely cause of data loss (22%).

• Source: AIIM Industry Watch

Poor Email Governance


• 41% describe their email management as

“chaotic”.

• 16% have fixed delete-all policies, 19%

keep everything.

• 16% dedicated archive with defined

retention and hold.

• 8% use ECM/RM


Paper Records


• 33% increasing (10% rapidly)

• 39% decreasing (10% rapidly)


How Bad Can It Be?


• 1,579 data breaches reported in 2017.

• 178,955,069 records exposed.

• 790 breaches reported as of August 14,

2018.


• Breach Breakdown

• 361 reported by Businesses

• 213 reported in Medical/Healthcare

• 96 reported in Banking/Credit/Financial

• 64 reported in Government/Military Source: Identity Theft Resource Center

Governance – Rules Are Needed


• 1,579 data breaches reported in 2017.


• 790 breaches reported as of August 14,

2018.


• Breach Breakdown

• 361 reported by Businesses

• 213 reported in Medical/Healthcare

• 96 reported in Banking/Credit/Financial

• 64 reported in Government/Military Source: Identity Theft Resource Center

What Governance? What Rules?


• 22% have none, or just have plans.

• 15% with enterprise wide IG policies

• 28% mixed across departments.

• 36% somewhat immature.


Control and Structure


• Largest orgs much more likely to have

enterprise-wide (25%).

• 36% of smallest (and 10% of largest!) have

none, or just have plans.


Setting Things Straight


• Retention and access are basics, 78%.

• Data Protection 65%.

• Mobile access and on-device 47%

• BYOD and cloud-based 39%.


Organizational Challenges


• Enforcing policy once created is biggest issue

(41%).

• Then getting the right people interested and

involved (39%), particularly senior

management.


Help Is Needed


• More than 40% need help most with

convincing senior management.

• Then taxonomy, and content assessment.

• 31% need help to find or train info. pros.


What Should You Do?


Eliminate ROT


• It is ROT!

• Redundant

• Out-dated

• Trivial

• On average, 51% of Electronically Stored

Information has no value.


Develop A Reduction Strategy


• Look to replace file shares with ECM/ERM.

• Clean that data

• Consider a cloud model and outsourcing.

• Automate Governance.

Automate Governance


Auto-classification


Content and Metadata Correction/Enhancement


• 22% are re-capturing and using OCR on

archives to add value.

• 3% looking to convert for analytics.


Man vs. Machine


• 34% feel automation is more consistent

than humans, 20% feel it’s more accurate

too.

• 48% prefer machine prompt with human

review.


What You Can Gain


• Cost saving is typical main target.

• Business resilience.

• Easier cross-enterprise access and

adoption.

• Minimizing Risk/Non-Compliance

• Under control from capture at first touch-

point.

• Identification and Classification

• Security and Metadata applied

• Less volume during eDiscovery, Audits,

and Requests for Information.

• Greater consistency, and adherence to

business rules.

You’ve Taken The First Step


You are here! • Automated Capture • Physical Capture Technology • Records Retention • Information Governance Tools • Benefits of Backfile Conversion

Contact Me


Bob Larrivee

President/Founder

Bob Larrivee Consultancy

[email protected]

www.boblarriveeconsulting.com

Twitter: @BobLarrivee

mailto:[email protected]

So You Think GDPR Doesn’t - Graphic Imaging...2019/03/01 · • Creating searchable knowledge...

Documents

Transcript of So You Think GDPR Doesn’t - Graphic Imaging...2019/03/01 · • Creating searchable knowledge...