We work with lots of enterprises whose BI groups are overloaded as they get their data ready for GDPR. The pressure is of course not vertical specific – companies from nearly every industry are approaching Octopai right now for help to become compliant faster and with fewer inaccuracies.
The gaming industry is probably one of the industries feeling the most heat with regard to protecting the security of its customers. One of our customers from this industry – 888 Holdings – recently shared with us the massive impact Octopai had on the way their BI group was working to secure PII (Personally Identifiable Information) for GDPR compliance. They were in awe of the time savings as they could now complete each task in only 15-20% of their typical turnaround time!
“With Octopai, what used to take months, now takes only days to complete!”
-BI Team Product Leader, 888 Holdings
The Business Challenge
Companies are getting ready for GDPR and are interested in remaining compliant, even as the business changes. GDPR stipulates that organizations in possession of PII must be capable of ensuring the ongoing confidentiality, integrity and availability of the privacy sensitive data.
The BI Challenge
This means that business intelligence teams must mask or encrypt usernames of certain data elements to make them invisible to anyone in the organization who might have access to them. In order to do this, they must first locate every single place where a PII exists across multiple systems, and understand the impact masking or encryption of these elements would have on the other process and reports.
They must also keep in mind that as the business moves forward, changes are built in, such as new fields, new names, new data elements, new tables, new structures, etc., and they must maintain their ability to be GDPR compliant every day, at any moment in time.
Before Metadata Automation
Before using Octopai metadata automation to track the data movement process, the BI group had to manually map everything out to get a view of the data flow – an extremely tedious process that promises little in terms of accuracy. Getting an accurate view of data lineage is critical here.
The BI group would receive a list of PII for encryption or masking, but in order to comply with GDPR they’d first have to identify every single place the data resides within the organization, and only then mask the data in every location. In order to identify every single place the data resides, they’d have to manually map out all the data that appears in the source system, but with so many fields and tables, and with variations in meta naming, the PII names are not always described in the same way and therefore become extremely difficult to find.
For example, if the BI analyst needs to identify and encrypt a phone number, how can he/she know every single place where it resides? Oftentimes different systems have different metadata labeling. Sometimes the field could be labeled “phone number”, while other times it could be “mobile phone number” and still other times, as “telephone number”. A seemingly simple task instantly becomes super complicated and time consuming.
The BI group would have to manually go through everything. For a bit of perspective, it would be like opening 500 Excel sheets and trying to find every single location of a certain piece of data. You might be able to use filters here and there, but the process would take months and months of manual searching.
BI Groups Are Empowered by Octopai Metadata Automation
Octopai automates the entire process. Instead of manually mapping the data movement process to find every location where a PII resides, BI groups are using Octopai’s automated metadata management platform to identify all the PII fields across the entire organization and get complete data lineage. All they have to do is search the PII metadata (“phone number”, for example), and Octopai presents a very clear map of every location of that specific data item. Once the analyst has this information, it becomes very easy for him or her to go in and encrypt or mask the PII in all the locations.
With all the variations in named fields that exist, customers are telling us that without Octopai it would be almost impossible to find all the PII fields. With Octopai they are able to do so easily and 80% faster.
What about changes?
With Octopai, any change created (new ETL processes, new reports, etc) is automatically tracked and analyzed so that the BI group is aware of the impact of any change, especially on GDPR compliance. Octopai helps organizations achieve and maintain their GDPR compliance on an ongoing basis.
For most companies that we hear from, GDPR is a meaningful, compelling event that is like a big test. On a personal level it’s all about the ability to prove that the company is able to meet the regulation, but on a professional level, they worry about:
Visibility of the data movement process
Knowing which sensitive fields need to be monitored in order to meet GDPR
Tracking the changes the organization must go through in order to meet regulations
The amount of time the process can take
Octopai’s automated metadata management platform is helping BI groups and the businesses themselves to achieve compliance in a fraction of the time, and with significantly greater accuracy.