
GDPR Quick Start Guide

GDPR CONSENT DASHBOARD

MarkLogic Consulting has developed a GDPR Quick Start service. It will get you up and running with one of the most difficult aspects of this regulation – evidence-based status of consent – in a GDPR Consent Dashboard.

GDPR

The EU General Data Protection Regulation (GDPR) is coming into effect in May 2018. Any organisation in possession of EU citizens’ personal data is subject to compliance.

Consented usage of EU citizens’ personal data is central to the regulation. As this is a new requirement, consent hasn’t been collected for all personal data types, may be inconsistent across data types and systems, may not have time stamps, or may not exist at all. In addition, a 72-hour data breach notification rule requires a near real-time reporting capability built on a highly secure data management system to demonstrate compliance at the request of the regulator and EU citizens.

When considering the “Lawfulness of processing” article 6 (https://www.privacy-regulation.eu/en/), organisations must be able to prove that they had consent to process the personal data. This necessitates a comprehensive audit of personal data consent status.

According to the Information Commissioner’s Office in the UK (www.ico.org.uk), “Consent must be freely given, specific, informed and unambiguous. There must be a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity. It must also be separate from other terms and conditions, and you will need to have simple ways for people to withdraw consent.”

Jurisdictional restrictions to access, process, archive, and transfer data require the appropriate policies implemented at the database level.

MarkLogic Consulting has developed a service specifically designed to put you on the right path to GDPR compliance. Our offering utilizes the operational and transactional MarkLogic® database to build a GDPR consent dashboard.

GDPR QUICK START

The GDPR Quick Start service will get you up and running with one of the most difficult aspects of this regulation – evidence-based status of consent – in a GDPR Consent Dashboard.

WHAT WE WILL DO:

1. Get Data Subject consent status from three different source systems into a centralised data hub

An important first step in determining what data and consent your organisation holds for a Data Subject is to ensure you can identify each individual as a single entity.

MarkLogic consultants will show you how to use our industry standard endpoints (including HTTP/REST) and data loading tools for quick and easy integration of data from your source systems such as CRM, Marketing, E-commerce, HR, etc. We’ll help you understand why you don’t need to develop a full data model or complex transforms, and will demonstrate how you can get data integrated in days rather than months.

Below is a sample solution architecture we use to build your GDPR Consent Dashboard.

[Figure: sample solution architecture. Numbered steps: 1. Identify personal data; 2. Harmonize person records; 3. Document usage and purpose. Other labels: Link to person entity; Provenance & lineage; Consent documentation; Individual; Report dashboard.]

2. Drill down to a Data Subject level

The GDPR Consent Dashboard will use built-in algorithms and techniques such as ‘Double Metaphone’ and ‘fuzzy matching’. These automated matching and merging algorithms are used to disambiguate personal identity based on data which may come from one, two or all three systems. For example, if names or addresses of Data Subjects have been misspelled at the point of data entry, these records will still be detected and consolidated automatically in English, Slavic, Germanic, Celtic, Greek, French, Italian, Spanish, and other languages. This is a key advantage for a personal data privacy regulation such as EU GDPR, with 24 official languages in the EU.

For each Data Subject our application can identify:

• What consent has been granted, in which system, on what date/time, and (if recorded) for what purpose. This provenance can be used to trace back to the original records in the source systems.

• What evidence exists to prove that consent has been granted by each individual, if recorded in the source system.

3. Consent status reports

While the detailed information on Data Subjects is the key driver for the application, the ability to identify areas where data is missing or non-compliant across the full data set is also important. If you can point to specific areas where data is missing or incomplete, then you can make informed decisions about where resources should be directed. For example, a ‘consent refresh’ program can then be implemented in an efficient manner.

A consent status dashboard can show a roll-up of important metrics:

• Number of individuals identified in the database

• Percentage of individuals with full consent, partial consent, and no consent

• Breakdown of consent status by source system


EXTENSIBILITY

The goal of the Quick Start is to demonstrate how quickly your organisation is capable of getting onto the GDPR compliance journey. The application can be expanded to include all your systems and take advantage of MarkLogic’s proprietary functionality to manage consent over time.

KEY FACTORS FOR YOUR SUCCESS

We have solved multiple regulatory compliance use cases and can help accelerate your compliance journey.

You won’t need a big resource commitment for the GDPR Quick Start, nor a lot of upfront work in data modelling, but there are a few things that we believe to be critical to the success:

1. Identify the three source systems for the Quick Start. Select the sources that are likely to have enough rich information on individuals and consent to facilitate the entity matching and linking. CRM, Human Resources, Campaign Management, and E-commerce systems are excellent candidates.

2. Access to sample data – we don’t need a full data model, but we do need data from upstream systems so that we can start building the transforms for these inside MarkLogic.

3. A strong integrated team – you need people that know and run your business to be part of your core team, so that information and validation are available at the point of need.

HOW WE WORK

If you ensure that the above are in place when you start your engagement with MarkLogic Consulting, over the course of the 30 days of your GDPR Quick Start project we would expect to:

1. Quickly review your sample data sources to ensure that your nominee systems are suitable for the project

2. Define and implement processes and communication structures to ensure that we can work with your product owner and subject matter experts most efficiently

3. Document a plan for ingesting data from your source data systems

4. Develop transforms in MarkLogic to enable Data Subject matching and linking

5. Deliver the GDPR application dashboard and Data Subject reports

6. Document a transition plan for extending the application to additional source systems and for production hardening


© 2017 MARKLOGIC CORPORATION. ALL RIGHTS RESERVED. This technology is protected by U.S. Patent No. 7,127,469B2, U.S. Patent No. 7,171,404B2, U.S. Patent No. 7,756,858 B2, and U.S. Patent No 7,962,474 B2. MarkLogic is a trademark or registered trademark of MarkLogic Corporation in the United States and/or other countries. All other trademarks mentioned are the property of their respective owners.

MARKLOGIC CORPORATION 999 Skyway Road, Suite 200 San Carlos, CA 94070

+1 650 655 2300 | +1 877 992 8885 | www.marklogic.com | [email protected]

WHY MARKLOGIC CONSULTING

A SOUND FOUNDATION FOR YOUR REGULATORY COMPLIANCE STRATEGY

Choosing the MarkLogic GDPR Quick Start service will provide your organisation with tangible privacy assessment results and an impartial personal data audit – a critical element in your GDPR compliance strategy.

POWERED BY OUR MULTI-MODEL DATABASE

Solving regulatory data challenges requires a database that empowers you to integrate all of your data with minimal disruption to your business. MarkLogic’s multi-model database does just that and also provides powerful, “ask anything” search, semantic capabilities, and bi-temporal stamping for querying data. With support for secure operations, accurate reporting and analysis over the full lifecycle of data, the agile MarkLogic platform makes it easier to adapt to changes in regulations – and ensure that you meet the 2018 EU GDPR deadline.

SUPPORTED BY A TEAM OF DEDICATED CONSULTANTS

The MarkLogic Consulting Services team are experts with vast experience of solving data integration challenges with large data volumes, variety, velocity, and complexity. They work on the world’s most complex data integration projects and they leverage an agile Delivery Methodology that encourages stakeholder feedback and accelerates skill acquisition among team members to ensure your project’s success.

Consulting Services is constantly evolving its methodology to capture best practices and lessons learned. This dedication to perfection enables powerful, agile, and trusted applications delivered to market faster and more efficiently.

Contact us at [email protected] to learn more and request the GDPR Quick Start.