GDPR process automation - CIO Sweden

GDPR process automation

david.hyborn@servicenow.com

IDG Cloud Confessions – GDPR edition 2017-11-14 Stockholm

© 2017 ServiceNow All Rights Reserved. Confidential


Good morning, it’s Friday May 25th 2018

Yes Sir, we are GDPR compliant

(at least we thought so yesterday)

Now what?


Work: Attestations, Assessments, Audits, Reporting

Departments: DPO, Business, IT, Security

Email, Spreadsheets, Forms, Messenger, Calls

Is this how we stay compliant?


A New System Of Action Is Needed

WORKFLOW & AUTOMATION

Request Service

Self-Serve

Real-Time Source of Truth

Machine Notifications

REQUESTER

Prioritize & Assign Collaborate

Automated Action

Solve Issues

ACTIONER


The PII asset mapping process

• Leverage your existing CMDB to manage and maintain Information Assets and associate them to other CIs

• Profile Information Assets to generate Risks and Controls towards them

• Manage Risks, Continuous Control Monitoring and DPIA assessments on Information Assets as well as on Business Services or on IT CIs

CMDB view

Risks related to PII assets


The Data Protection Impact Assessment process

• Use workflows to push Assessments to Business process Owners

• Controls status can then be automatically updated

• For any non-compliant outcome, an issue can be automatically created and assigned to the responsible party to act on the requirements gap.

Compliance Dashboard

Issues & Remediation

Control Compliance


The Vendor risk assessment process

• Design a library of Assessments, based on questionnaires and evidence collection

• Schedule the Data Privacy Assessments to Vendors, based on Tiers / Risks

• Propose an external Vendor portal for Vendors to freely respond to the Privacy Assessments pushed to them

Assessment questionnaire

Vendor Portal

Vendor Portfolio


The Employee / Citizen data management process

• Establish a common request Portal for employees or citizens to:

– Renew consent

– Request change, transfer or a snapshot of their PII details

– Provide GDPR related information, policies and your procedures

• Integrate to service management workflows to manage and track requests


The DPO reporting process

• Establish pre-defined reports for DPO and business service owners

– Real-time visibility to attestations, evidence, indicators of some critical controls.

– Report to the Supervisory Authority based on evidence

• Remediation workflows

– Review the progress of remediation Issues & Tasks to completion.

DPO dashboard


The PII breach process

• Turn your breach process runbook into a digital workflow

• Contain the breach

• Escalation to DPO, Communications and Executive management

• Report to Supervisory Authority within 72 hours

Personal Data Breach response workflow


Leverage ServiceNow to implement GDPR

Predictive Analytics, Single Database, Knowledge Base, Developer Tools, Workflow, Contextual Collaboration, Service Catalog, Subscription & Notification, Service Portal

Multi-instance, Secure & Compliant, Scalable

Governance, Risk, & Compliance (GRC): Policy & Compliance Management, Risk Management, Vendor Risk Management, Audit Engagement

Security Operations: Security Incident Response, Vulnerability Response, Threat Intelligence


Create Your Lightspeed Enterprise™ With ServiceNow

Platform

Cloud Infrastructure

BUSINESS APPS, IT, SECURITY, HR, CUSTOMER SERVICE

The Lightspeed Enterprise™


ServiceNow is a Fast-Growing, Global Company

~6,000 Employees

Major Sites: Silicon Valley, San Diego, Seattle, Amsterdam, London, Sydney, Tel Aviv, Hyderabad

$1+ Billion In Annual Revenue

Revenue by year, ’09 to ’16: $28M, $64M, $128M, $244M, $425M, $683M, $1B, $1.38B*

* Wall Street Consensus Estimates For Full Year 2016 Revenue As Of 1/22/17


Thank you