General Data Protection Regulation (GDPR)

Data Privacy Transformation powered by ServiceNow

How EY and ServiceNow addresses data privacy governance and GDPR Your team to serve
What is GDPR?
1 Blueprint
2 Tailoring
and adoption 3 Configuration and integration
4 Sustain EY ServiceNow practice contacts

2018 28 Plan and assessment EY GDPR governance

framework
Data privacy operations
Record of Data privacy
Ongoing assistance Laurence Dudson
Product Portfolio Lead

EY GDPR operations accelerators

• Business process • Continuing
EU countries
processing governance

regulation inventory/Record of PIA/DPIA

covered by Processing Activity (RoPA)
• Data subject rights assessments
enforced on modeling
Data subject
Data flow maps
GDPR + 3 EEA rights request
ServiceNow Jatin Rajpal
May 25, 2018 • Assessment of personal data • ServiceNow and
member states usage, retention, deletion
• Policy, procedure BigID operations Product Architect Lead
and standards Breach response
Data protection
maintenance and
policies and procedures impact assessment

creation support
• Identification of control points Data privacy intelligence
• Privacy control • Managed service
for Privacy Impact
framework
Joe Young
Assessments (PIAs/DPIAs) options Business Development Lead
510 m
Personal data

4%
discovery
• Change
• Assessment of existing
Management
governance model for privacy Correlation by data
number of data • RoPA refinement subject

potential fines Michael Gammon

subjects Alliance Manager
as percentage of Inventory and
protected by data mapping

annual revenue
GDPR Plan and assess Design and implement Operate

EY Americas data privacy contacts

Purpose built ServiceNow accelerators to expedite GDPR compliance
6 72
Angela Saverice-Rohan
EY Americas Data Privacy Leader
core data
hours given
subject rights
to report
covered by
a data breach Scott Margolis
GDPR
Financial Services Data Privacy
Record of Data protection Data privacy Leader
processing impact assessment Data subject rights governance Breach response Data flow maps

• Manage data • Conduct risk • Help data subjects • Enforce “data • Manage major • Manage a record of

190+ 350+
collection reviews,
approvals, record-
keeping and
assessments and
manage impact,
risk acceptance,
(employees,
customers, former
employees, etc.) to
privacy by design”
by conducting
regular audits,
breaches that pose
a high risk to the
rights and
data flows for
sensitive PI data of
data subjects
Contact us at:
countries gdpr.servicenow@ey.com
new certification of track remediation exercise their data assessments for freedoms of data
potentially in “record of items and monitor rights and respond processors subjects and notify
requirements
scope of the processing risks in a timely manner including vendors privacy authority
in GDPR activities” for both to protect the and subjects
regulation business processes rights and
and application freedoms of data
subjects
© 2018 EYGM Limited. All Rights Reserved. ED None.