![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM0MTgxNTA3.png)
Dez Blanchfield50![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM1MjAzMzE5.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM1MjAzMzE5.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjc1NDU1Ng.jpeg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0Mjc4NDMw.jpeg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM0MTgxNTA3.png)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM0MTgxNTA3.png)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjgzOTkwMDMwMDg1MzAxNDUyOA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0Mjc4NDMw.jpeg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjIyODI0MjQz.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjc1NDU1Ng.jpeg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjMxNTgyNTQw.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0Mjc4NDMw.jpeg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjMwNDA3NDAzNzk.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjgzOTkwMDMwMDg1MzAxNDUyOA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM4NDkxNjM0OA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjIyODI0MjQz.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0MTMwNDA3MA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjc1NDU1Ng.jpeg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM4NDkxNjM0OA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjU3NDAxMTg4.jpeg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM4NDkxNjM0OA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0MTMwNDA3MA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjI5MTgxNjM4NA.jpeg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM1MjAzMzE5.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjgzOTkwMDMwMDg1MzAxNDUyOA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM4NDkxNjM0OA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjgzOTkwMDMwMDg1MzAxNDUyOA.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjMzMTI1NDEwMzI.png)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjIyODI0MjQz.jpg)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
Q2: What are the biggest gaps for firms in preparing for #GDPR? Is there an opportunity here for new #technology? @dez_blanchfield @evankirstel @Kevin_Jackson @CAMainframe
http://www.via-cc.at...
http://www.via-cc.at...
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
Kevin L. Jackson - (ISC)2 CCSP, Swansea, UK
A2. Data classification. It only gets harder from here if you donโt classify your data based on contractual requirements, data sovereignty, PII, sensitivity and regulatory requirements.
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM1MjAzMzE5.jpg)
Evan Kirstel
Each organisation works differently. In some, enterprise architects may be directly responsible for ensuring #GDPR #compliance. In others, architects may not have even been invited to the party. So the first thing for architects to do is buddy up!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
Kevin L. Jackson - (ISC)2 CCSP, Swansea, UK
A2. You also need classification in order to effectively use SIEM. Check out https://www.ca.com/u...
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM1MjAzMzE5.jpg)
Evan Kirstel
You must prioritize which #GDPR requirements to tackle first!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
Craig Mullins
I agree with @kevin_jackson - how many orgs even know what all their data is (lack of metadata) to know what must be in compliance with GDPR. That is a big task to tackle!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjc1NDU1Ng.jpeg)
Christopher Penn #THINK2018 Speaker
Data identification and unification. Virtualization of data to put everything in a seemingly local interface will let data architects find and identify data faster.
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0Mjc4NDMw.jpeg)
Jeff Cherrington
@Kevin_Jackson Kevin, what constraints are mainframe data centers facing when attempting to classify the unclassified accumulation of data from the decades the mainframe has been in use?
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM0MTgxNTA3.png)
Dez Blanchfield
- so many companies are still seeming to struggle with just developing a basic Vocabulary and Language to even discuss the issues - I think for many just starting the conversation is a major 1st step ;-)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM0MTgxNTA3.png)
Dez Blanchfield
- and of course there's the fact that we now only have 55 left to actually get compliant ;-)
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjgzOTkwMDMwMDg1MzAxNDUyOA.jpg)
Chip Mason
@craigmullins Identifying and classifying data is the best first step to GDPR compliance. You need to know where your risk might be.
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
Kevin L. Jackson - (ISC)2 CCSP, Swansea, UK
@craigmullins managing the #Metadata is harder than managing the data!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0Mjc4NDMw.jpeg)
Jeff Cherrington
Days until GDPR goes into effect https://howmanydayst...
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjIyODI0MjQz.jpg)
Tripp Braden
Its about not having the right people focused on the critical activities, priorities and budget for the #GDPR challenge
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
Craig Mullins
@Kevin_Jackson If only people had adopted and actually used Metadata Repositories like CA Repository!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjc1NDU1Ng.jpeg)
Christopher Penn #THINK2018 Speaker
from a marketing perspective, pivoting from PII to behavioral data is also a major step needed. Reduce dependence on collected data from customer records.
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjMxNTgyNTQw.jpg)
Marcel Mitran
Data classification and life-cycles are incredibly complex and living beast. In general you need to trade-off agility and innovation for control and management. Less than ideal!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0Mjc4NDMw.jpeg)
Jeff Cherrington
Classifying data is critical for privacy, articles 25 & 32, and for right to access, article 15, right to be forgotten, article 17, and right to data portability, article 20
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjMwNDA3NDAzNzk.jpg)
Ravi Patil
A2. Hoping firms do not wait for major fines to be levied before taking action on #GDPR.
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjgzOTkwMDMwMDg1MzAxNDUyOA.jpg)
Chip Mason
And don't forget, GDPR is not limited to EU companies. Many US companies have signed Commerce Dept Privacy which puts them under the regulation
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM4NDkxNjM0OA.jpg)
Shira Rubinoff
basic overview - for those unsure...\ : According to GDPR orgs must: 1) only process data for authorized purposes 2) ensure data accuracy and integrity 3) minimize users identity exposure 4) implement data security measures
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjIyODI0MjQz.jpg)
Tripp Braden
The larger elephant in the room is who will be held responsible for missing deadline, the CEO, Board or CIO?. Will their stock price take a hit? #GDPR
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0MTMwNDA3MA.jpg)
Tony Flath ๐ Podcast
Craig @craigmullins on the metadata point do you see converged data being more efficient and what role does #blockchain play here? @kevin_jackson #LetsTalkAboutData
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjc1NDU1Ng.jpeg)
Christopher Penn #THINK2018 Speaker
@TrippBraden That's a huge elephant. Everyone with P&L responsibility has a stake in #GDPR compliance.
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
Craig Mullins
@TmanSpeaks There may be more metadata available for converged data
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
Craig Mullins
@TmanSpeaks Not really sure how blockchain could help us to identify and classify all of our existing data
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM4NDkxNjM0OA.jpg)
Shira Rubinoff
stats indicate that 65% of organizations will fail to meet GDPR deadlines - @TrippBraden who is responsible? I believe that the responsibility will vary per organization - but the finger will be pointed across the C- channels
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjU3NDAxMTg4.jpeg)
Bud Walder
maybe an opportunity for a new GDPR insurance policy!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM4NDkxNjM0OA.jpg)
Shira Rubinoff
@kwwalder will happen - similarly to having a Cyber insurancy policy
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0MTMwNDA3MA.jpg)
Tony Flath ๐ Podcast
@craigmullins I was just more future thinking and effective data management with global #metadata but I'd leverage you and Dez on that front! #LetsTalkAboutData
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjI5MTgxNjM4NA.jpeg)
Priya Dewan Doty
@Kevin_Jackson this is one place to start http://cainc.to/cNpN...
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM1MjAzMzE5.jpg)
Evan Kirstel
@TrippBraden planning planning planning
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
Kevin L. Jackson - (ISC)2 CCSP, Swansea, UK
@TmanSpeaks #Blockchain can help a lot!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjgzOTkwMDMwMDg1MzAxNDUyOA.jpg)
Chip Mason
@TmanSpeaks AMZ has a great solution, but for mainframe, no need to move the data. Keep it in place and identify risk of PII with CA DCD https://www.ca.com/u...
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
Craig Mullins
@Kevin_Jackson Interested to learn how Kevin?
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
Kevin L. Jackson - (ISC)2 CCSP, Swansea, UK
@craigmullins #Blockchain can be used to track data provenance.
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjM4NDkxNjM0OA.jpg)
Shira Rubinoff
Biggest gaps are budgets - as well as time factors. There are many areas the companies have to tighten up on - in order to get there budgets have to be allocated first
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE0NzQ2OTEw.jpg)
Craig Mullins
@Kevin_Jackson Certainly looking-forward but not really helpful for identifying and categorizing existing data - perhaps I was focusing my thoughts too narrrowly
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjgzOTkwMDMwMDg1MzAxNDUyOA.jpg)
Chip Mason
@TrippBraden Consensus seems to be that as long as you can prove 'significant effort' there will be leniency on compliance. But if you have a breach: the hammer will fall!
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjMzMTI1NDEwMzI.png)
RADAR
Meeting the 72-hr notification timeframe will be a real challenge for US orgs, as most US laws allow for 30-45 days or even more vaguely "most expeditious time possible." 72 hrs will feel like a sprint in comparison! Automation can streamline the process.
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjIyODI0MjQz.jpg)
Tripp Braden
@evankirstel Maybe a ready, fire, aim strategy might be more appropriate give the current status of their planning
![](https://crowdspotsimages.s3-us-west-2.amazonaws.com/profile-images/dXNlcjp0d2l0dGVyOjE3ODk5NzEy.jpg)
Kevin L. Jackson - (ISC)2 CCSP, Swansea, UK
@jcherrington The challenge is in enforcing enterprise IT governance.