IBM’s Global Chief Data Office, charged with developing a reference architecture and a set of common services for supporting business units in making their data stores ready for GDPR, selected IBM Information Governance Catalog for the central store of privacy data—the privacy catalog—and IBM Data Risk Manager to provide a visual data risk control center for executives and their teams—the risk regulatory dashboard.
By providing a business-consumable dashboard, Data Risk Manager helps privacy officers and data officers at all levels across IBM uncover, analyze and visualize data-related business risks so they can take corrective action. During the months leading up to the GDPR enforcement date, for example, Data Risk Manager could provide insights into instances when personal data could be moved to a system that had better controls for protecting it, when it should be encrypted, or when it could be deleted altogether. Visualizations include maps of data residency as well as graphics focused on risk and vulnerabilities.
Now, working from the data store- and application-level information housed in the privacy catalog, Data Risk Manager can provide answers to the basic questions a regulator would ask: What personal data do you have? What is it used for? What applications, business processes and people have access to it? Who is the owner of this particular data store, and where is it located? And as changes are made to the privacy catalog, the updated information is reflected in the dashboard, supporting the ongoing requirement to address compliance with multiple data privacy regulations, including GDPR.
Data Risk Manager can perform at the global level across the company, by business unit or by application, allowing users to see only data that is relevant to their role. IBM’s Chief Privacy Officer and Data Privacy Officer can see the status of sensitive personal data IBM-wide, for example, while a business unit-level data privacy officer can see only data relevant to their operation or location.