|Click on the image above for an expanded view||We fielded several questions as part of our recent webinar, Semantic Data Governance for GDPR Compliance. The webinar focused on how organizations can leverage TopBraid Enterprise Data Governance (EDG) to effectively prepare for GDPR compliance.|
Questions about TopBraid Enterprise Data Governance (EDG) and preparing for GDPR compliance
Q1:You have shown support for the management of several types of information elements and their connections needed to address GDPR. But how does the data get into your governance environment?
If you already use TopBraid EDG for data governance, much of the information is already in the environment and you just need to annotate certain information as being PII. If you are using TopBraid EDG for the first time, we provide a spreadsheet template and a REST service that you can use to import your data in EDG in a structured manner.
Q2:How can I even find the information to collect and identify as relevant to GDPR in order to bring it into TopBraid EDG?
Well, certainly this is every organization's unique challenge and responsibility. As with every data governance challenge – which GDPR compliance is – a carefully integrated combination of people, processes and technical tools or systems support is needed.
We have shown how TopBraid EDG provides comprehensive data governance capabilities and specific structured knowledge models for addressing GDPR compliance. In addition, identification and capture of the information needed requires collaboration and social networking types of communication and processes within an organization.
TopBraid EDG does provide many capabilities for collaboration, including team comments, tasks and a RACI matrix for notifications. These collaboration tools allow and encourage the people most familiar with the data to participate in and help drive the identification and collection processes. We are also exploring automated technologies as well as modern “social construction” methods that will allow EDG to drive what we might call the “cloudsourcing” of the knowledge that already exists in your organization.
Q3:Where do the lists in the drop-down menus come from?
The short answer is, “It depends on which one you are using.” All of the lists originate in separate model files delivered with the product and reflect the requirements of the information for which they are provided. The lists, for example, of personal data categories and regulated data activities were derived from categories mentioned in the text of the GDPR. Countries and their relationship with the EU are included from geography models and EU data. The drop-down list that allows selection of various types of “Compliance Assets” was created by TopQuadrant to provide useful views of various compliance related items and activities such as regulations, documents, compliance forms, data related processes and compliance resources.
What is most important is that TopBraid EDG is based throughout on a model-driven user interface paradigm. All of these lists (as well as almost every other user interface functionality) are driven from fully customizable models rather than being hard coded into the product. These text-based models driving the interface are written using the same W3C semantic standards we've discussed and can be modified in a text editor or our IDE. In this way, the lists can be narrowed, extended or the terminology refined to align with terms used in your organization.
Q4: What is the Knowledge Engine?
What we call the Knowledge Base Engine is actually a set of rules on the data. These are rules that are written based on open W3C standards.
You can view these rules, and change them, or write your own as needed, tailored to your needs. Why would you want to change these? Your legal counsel may have specific or different interpretations for which GDPR regulations are applicable in your data situations and how to apply these. Or you may want to create your own obligations and procedures that relate to how personal date is handled for GDPR compliance in your organization.
We provide a ready set of rules for situations that we have identified, but there are very large number of potential use cases, so we may not have covered one of yours. Or perhaps your rules may evolve over time. It is essential that you have control over your data and the rules on them. That’s why it is important that both are written using open standards.
Q5: Does EDG support natural language search?
EDG does support full-text search, faceted and parametric search with regex support.
Q6: Is there a stronger affinity to graph-based data stores vs relational data stores within this tool?
The internal representation of data inside TopBraid platform uses RDF. RDF is a graph data model.
For storing this data, there is out-of-the-box support for both relational databases (e.g., MySQL, MS SQL, Oracle) and native RDF databases (triple stores). The product ships with the Apache Jena TDB database and it can also use MarkLogic for persistence.
Q7: Is TopBraid EDG available in developers license? For example integrators who would use it for GDPR integration.
Yes, different licensing options are possible depending on the usage. Please contact us at: firstname.lastname@example.org for details.