GDPR process automation - CIO Sweden
© 2017 ServiceNow All Rights Reserved Confidential
GDPR process automation
IDG Cloud Confessions – GDPR edition 2017-11-14 Stockholm
Good morning, it’s Friday May 25th 2018
Yes Sir, we are GDPR compliant
(at least we thought so yesterday)
Now what?
Work
Attestations
Assessments
Audits
Reporting
Departments
DPO
Business
IT
Security
Email, Spreadsheets, Forms, Messenger, Calls
Is this how we stay compliant?
A New System Of Action Is Needed
WORKFLOW & AUTOMATION
Request Service
Self-Serve
Real-Time Source of Truth
Machine Notifications
REQUESTER
Prioritize & Assign Collaborate
Automated Action
Solve Issues
ACTIONER
The PII asset mapping process
• Leverage your existing CMDB to manage and maintain Information Assets and associate them with other CIs
• Profile Information Assets to generate Risks and Controls for them
• Manage Risks, Continuous Control Monitoring and DPIA assessments on Information Assets as well as on Business Services or on IT CIs
CMDB view
Risks related to PII assets
The Data Protection Impact Assessment process
• Use workflows to push Assessments to Business process Owners
• Control status can then be automatically updated
• For any non-compliant outcome, an issue can be automatically created and assigned to the responsible person to act on the requirements gap.
Compliance Dashboard
Issues & Remediation
Control Compliance
The Vendor risk assessment process
• Design a library of Assessments, based on questionnaires and evidence collection
• Schedule the Data Privacy Assessments for Vendors, based on Tiers / Risks
• Offer an external Vendor portal where Vendors can freely respond to the Privacy Assessments pushed to them
Assessment questionnaire
Vendor Portal
Vendor Portfolio
The Employee / Citizen data management process
• Establish a common request Portal for employees or citizens to:
– Renew consent
– Request change, transfer or a snapshot of their PII details
– Provide GDPR related information, policies and your procedures
• Integrate to service management workflows to manage and track requests
The DPO reporting process
• Establish pre-defined reports for DPO and business service owners
– Real-time visibility into attestations, evidence and indicators of some critical controls.
– Report to the Supervisory Authority based on evidence
• Remediation workflows
– Review the progress of remediation Issues & Tasks to completion.
DPO dashboard
The PII breach process
• Turn your breach process runbook into a digital workflow
• Contain the breach
• Escalate to the DPO, Communications and Executive management
• Report to Supervisory Authority within 72 hours
Personal Data Breach response workflow
Leverage ServiceNow to implement GDPR
Predictive Analytics
Single Database
Knowledge Base
Developer Tools
Workflow
Contextual Collaboration
Service Catalog
Subscription & Notification
Service Portal
Multi-instance, Secure & Compliant, Scalable
Governance, Risk, & Compliance (GRC): Policy & Compliance Management, Risk Management, Vendor Risk Management, Audit Engagement
Security Operations: Security Incident Response, Vulnerability Response, Threat Intelligence
Create Your Lightspeed Enterprise™ With ServiceNow
Platform
Cloud Infrastructure
BUSINESS APPS, IT, SECURITY, HR, CUSTOMER SERVICE
ServiceNow is a Fast-Growing, Global Company
~6,000 Employees
Major Sites: Silicon Valley, San Diego, Seattle, Amsterdam, London, Sydney, Tel Aviv, Hyderabad
$1+ Billion In Annual Revenue
Annual revenue by year: ’09 $28M, ’10 $64M, ’11 $128M, ’12 $244M, ’13 $425M, ’14 $683M, ’15 $1B, ’16 $1.38B*
* Wall Street Consensus Estimates For Full Year 2016 Revenue As Of 1/22/17
Thank you