Show all

Webcast: Privateness Program Remediation to Incorporate Legacy Techniques

Data protection legislation is based on ideal scenarios that do not take into account how legacy systems handle information. While smaller companies often have a sufficiently simple environment in which to identify and change key systems, large multinationals are rarely given the same opportunity. Large companies may have trouble just identifying all active systems and their contents. Or they have a business-critical reason for using a legacy system that cannot meet the requirements of data protection legislation.

Take part in this anonymized case study covering a large multinational organization in a highly regulated environment and their project to implement data protection requirements based on the EU General Data Protection Regulation in a large IT environment with thousands of systems of all kinds, dude and properties.

Sufficient time will be reserved for questions from the audience.

In this session we will deal with:

  • Identify and quantify GDPR requirements in a large IT environment.
  • Identification of relevant stakeholders.
  • Development of priorities for a large number of data types in a variety of information systems.
  • Determine with sufficient certainty which personal information data types are stored in which systems.
  • Determine what degree of renovation – from complete, verbatim compliance with legal requirements to nothing – is possible for each system.
  • Consensus building among the stakeholders.
  • Negotiation of a forward strategy that is acceptable to both sides.
  • Negotiation of agreed results with system owners and custodian banks.


Dave Cohen, CIPP / E, CIPP / US, Knowledge Manager, IAPP


John Montaña, Vice President, Information Governance, Access

Comments are closed.