Balancing Privacy, Compliance and Digitization: Lessons from Global Financial Firms
Enza Iannopollo

Enza Iannopollo
Security & Risk Analyst, Forrester Research
• Analyst on the Security & Risk team at Forrester and a Certified Information Privacy Professional (CIPP/E)
• Research focuses on the impact of internet regulations and data privacy issues on digital business models, as well as the technologies that underpin them
• Prior to joining the Security & Risk team, Enza was a researcher on the CIO team

Shiva Kashalkar
Director, Product Marketing
Marketing Professional
• Leads Product Marketing for DLP Managed Services and Advanced Threat Protection
• 13 years of marketing, business development & product management experience
• Previously at Managed Service Providers and Big Data Analytics companies
  • Wipro, Oracle, KPN, Empirix

Protecting Customer Data In Digital World
Enza Iannopollo, Analyst
© 2017 FORRESTER. REPRODUCTION PROHIBITED.

Agenda
› Privacy and innovation in Financial Services
› GDPR and PSD2 requirements
› Lessons learnt on the way to GDPR compliance
› Privacy and GDPR as a business opportunity
› Next steps

"Security was traded with the size of the customer base and penalized the bank's ability to gain new customers. They wanted to be super safe, but the business suffered."
UniCredit Group

Brief: Turn PSD2 From A Burden Into A Catalyst

Customers Leverage Different Channels To Access Their Financial Data
Base: 16,175 EU online adults (18+) who are retail banking customers
Source: Forrester Data Consumer Technographics® European Financial Services Survey, H2 2016

74% are ready to switch to a competitor if their bank or insurer suffered a data breach

Only 3% of customers believe that their bank suffered a data breach
26% of financial institutions reported a data breach

The new EU General Data Protection Regulation (GDPR) is here!

Customer Profiling

Privacy by default

Privacy by design

Don’t make GDPR become the Achilles’ heel of your digital agenda

Assess the status quo

The who and the how of the assessment

Choose the route

Collaborate with your security and privacy team
“Today, compliance is trying to protect us in a way to protect business value, and they contribute to the projects that we do.”
CSOB, Head Of Digital

Manage third parties

"To retain their role in the future, banks should retain the relationship with their customers on different foundations. Not maximize the number of products bought, rather leveraging the know-how to improve customer life."
UniCredit Group

Know and exploit your data assets way better

Improve the customer experience…

…and drive higher revenues!
Customers who have the best experiences are most willing to pay more
Source: The Price Premium Of Customer Experience, Forrester report

Master your privacy practices to attract new customers
• share their data in exchange for benefits
• understand the “data economy”
• use tools to protect their data (cookie trackers, encryption, etc.)
• read privacy policies before transacting online or downloading apps
• cancel online transaction if they are uncomfortable with privacy policy
• have the highest income

Next Steps
› GDPR implementation determines how you will leverage data in the near future. Find out who is leading the project and get involved
› Start your GDPR strategy from data mapping and classification
› Build a risk assessment that includes third party risk
› Plan for continuous GDPR compliance
› Work with your security tech providers to learn how their solutions can support your GDPR journey

Enza Iannopollo
+44 (0)20 7323 7634
Thank you
FORRESTER.COM

Balancing Privacy, Compliance and Digitization
GDPR Compliance with Digital Guardian

Why DLP for GDPR
Meeting “Integrity & Confidentiality” Principle
• GDPR Law: Protect Personal Data from Data Breaches
• Security Requirement: Stop Personal Data from Leaking Out
• Business Impact: Don’t Slow Business Processes

Technology to Stop Personal Data Loss
CONTENT ANALYSIS
1. Analyze content
2. Identify PII
3. Restrict
4. Permit

Enterprise DLP – Purpose Built for Compliance
• Protection against unauthorized use
• Protection against unauthorized storage
• Protection against Unauthorized Transmission, Dissemination…

DLP for Privacy by Design Principle
MONITOR AND CONTROL WITH ENTERPRISE DLP
• Custom Apps
• IT Infrastructure
• Users & Administrators

Why Digital Guardian
• Founded 2002 to protect all data against theft
• Began with protecting IP on the endpoint - the most challenging use case
• Simplified compliance and cloud data protection with DG appliance
• Launched industry’s first Managed Security Program for DLP
• Only security company 100% focused on protecting sensitive data from loss or theft
#1 IP Protection

Digital Guardian for GDPR Compliance
• Data Discovery
• Data Classification
• Data Loss Prevention
• Cloud Data Protection

Why Digital Guardian
Deepest Visibility
• Network
• Endpoint
• Cloud
• Databases/Shares
• Structured and Unstructured Data
Real-Time Analytics
• Filters out the noise
• Accelerates Compliance & Security Initiative
• Documents Compliance Posture to Auditors and Management Team
Flexible Controls
• Automatically protects sensitive data
• Don’t impede business
• Enforceable on all OS’s
• Across network, storage, cloud and endpoints

Our Managed Security Program to Meet GDPR Compliance
PROVEN METHODOLOGY: People + Process + Technology
• People: Security & Compliance experts
• Process: Proven Methodology for data protection and privacy compliance
• Technology: Industry’s most accurate Database Record Matching Technology for identifying and controlling PII & PHI

Summary
• GDPR Go Live Date May 2018
• Enterprise DLP necessary for GDPR compliance
• Blend of People, Process, and Technology to Succeed
• Digital Guardian Visibility, Analytics, and Controls
  • Identify and protect personal data
  • Demonstrate GDPR Compliance

Thank You
Any questions?

Digital Guardian’s Next Webinar
• A Practical Approach to GDPR: Featuring IDC's Duncan Brown
• May 23rd @ 14:00 GMT; 9:00AM EDT
  • Duncan Brown, Associate Vice President, IDC
  • Zeina Zakhour, Global CTO, Atos Cybersecurity
• Watch this webcast to learn:
  • Who should lead your GDPR compliance project?
  • What to look for in a Data Protection Officer?
  • Where and when to start?
  • What technologies can enable or speed compliance?