Balancing Privacy, Compliance and Digitization Lessons from Global Financial Firms Enza Iannopollo

Balancing Privacy, Compliance and Digitization Lessons From Global Financial Firms Enza Iannopollo

. Analyst on the Security & Risk team at Forrester and a Certified Information Enza Iannopollo Privacy Professional (CIPP/E) Security & Risk Analyst Forrester Research . Research focuses on the impact of internet regulations and data privacy issues on digital business models, as well as the technologies that underpin them

. Prior to joining the Security & Risk team, Enza was a researcher on the CIO team

2 Shiva Kashalkar

. Leads Product Marketing for DLP Shiva Kashalkar Managed Services and Advanced Threat Director, Product Marketing Protection Marketing Professional

. 13 years of marketing, business development & product management experience

. Previously at Managed Service Providers and Big Data Analytics companies • Wipro, Oracle, KPN, Empirix

3 Protecting Customer Data In Digital World

Enza Iannopollo, Analyst

› Privacy and innovation in Financial Services › GDPR and PSD2 requirements › Lessons learnt on the way to GDPR compliance › Privacy and GDPR as a business opportunity › Next steps

© 2017 FORRESTER. REPRODUCTION PROHIBITED. 6 "Security was traded with the size of the customer base and penalized the bank's ability to gain new customers. They wanted to be super safe, but the business suffered”. UniCredit Group

Base: 16,175 EU online adults (18+) who are retail banking customers Source: Forrester Data Consumer Technographics® European Financial Services Survey, H2 2016

› Privacy and innovation in Financial Services › GDPR and PSD2 requirements › Lessons learnt on the way to GDPR compliance › Privacy and GDPR as a business opportunity › Next steps

“Today, compliance is trying to protect us in a way to protect business value, and they contribute to the projects that we do.” CSOB, Head Of Digital

› Privacy and innovation in Financial Services › GDPR and PSD2 requirements › Lessons learnt on the way to GDPR compliance › Privacy and GDPR as a business opportunity › Next steps

"To retain their role in the future, banks should retain the relationship with their customers on different foundations. Not maximize the number of products bought, rather leveraging the know-how to improve customer life.“ Unicredit Group

© 2017 FORRESTER. REPRODUCTION PROHIBITED. 30 …and drive higher revenues! Customers who have the best experiences are most willing to pay more Source: The Price Premium Of Customer Experience Forrester report

share their data in exchange for benefits

understand the “data economy”

use tools to protect their data (cookie trackers, encryption, etc)

read privacy policies before transacting online or downloading apps

cancel online transaction if they are uncomfortable with privacy policy

have the highest income

› Privacy and innovation in Financial Services › GDPR and PSD2 requirements › Lessons learnt on the way to GDPR compliance › Privacy and GDPR as a business opportunity › Next steps

› GDPR implementation determines how you will leverage data in the next future. Find out who is leading the project and get involved › Start your GDPR strategy from data mapping and classification › Build a risk assessment that includes third party risk › Plan for continuous GDPR compliance › Work with your security tech providers to learn how their solutions can support your GDPR journey

GDPR LAW: Security Business Protect Impact: Requirement: Personal Data Stop Personal Don’t Slow from Data Data from Business Breaches Leaking Out Processes

38 Technology to Stop Personal Data Loss CONTENT ANALYSIS

4. Permit 1. Analyze content

2. Identify PII

3. Restrict

39 Enterprise DLP – Purpose Built for Compliance

Protection against Protection against Protection against Unauthorized unauthorized use unauthorized storage Transmission, Dissemination…

40 DLP for Privacy by Design Principle

MONITOR AND CONTROL WITH ENTERPRISE DLP

Custom Apps IT Infrastructure Users & Administrators

41 Why Digital Guardian . Founded 2002 to protect all data against theft . Began with protecting IP on the endpoint - the most challenging use case . Simplified compliance and cloud data protection with DG appliance . Launched industry’s first Managed Security Program for DLP . Only security company 100% focused on protecting sensitive data from loss or theft #1 IP Protection

43 Digital Guardian for GDPR Compliance

Data Data Data Loss Cloud Data Discovery Classification Prevention Protection

Confidential 44 Why Digital Guardian

Deepest Visibility Real-Time Analytics Flexible Controls

. Network . Filters out the noise . Automatically protects . Endpoint . Accelerates Compliance & sensitive data Security Initiative Don’t impede business . Cloud . . Documents Compliance . Databases/Shares . Enforceable on all OS’s Posture to Auditors and . Structured and Management Team . Across network, storage, Unstructured Data cloud and endpoints

Confidential 45 Our Managed Security Program to Meet GDPR Compliance

PROVEN + METHODOLOGY +

People Process Technology Security & Compliance experts Proven Methodology for Industry’s most accurate data protection and privacy Database Record Matching compliance Technology for identifying and controlling PII & PHI

Confidential 46 Summary

. GDPR Go Live Date May 2018 . Enterprise DLP necessary for GDPR compliance . Blend of People, Process, and Technology to Succeed . Digital Guardian Visibility, Analytics, and Controls • Identify and protect personal data • Demonstrate GDPR Compliance

47 Thank You Any questions? Digital Guardian’s Next Webinar

.A Practical Approach to GDPR: Featuring IDC's Duncan Brown . May 23rd @ 14:00 GMT; 9:00AM EDT • Duncan Brown, Associate Vice President, IDC • Zeina Zakhour, Global CTO, Atos Cybersecurity

. Watch this webcast to learn: • Who should lead your GDPR compliance project? • What to look for in a Data Protection Officer? • Where and when to start? • What technologies can enable or speed compliance?