Description
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.This project’s purpose is to identify any gaps between our current situation and a GDPR-compliant future situation in our non-production (e.g. test) environments. Other parts of the GDPR programme are working with compliance in production environments.
Requirements
The main responsibility is to perform the as-is study, i.e. to collect a complete inventory of our test environments and what test data they are using, such as:
- Test environment name, owner
- Encryption or masking method used (if any)
- A map of where personal information is stored (column/table level)
- Monitoring and access control
- Other security measures
The as-is study should include all test environments within the bank without geographical limitations. A baltic banking resource will assist in gathering information about baltic banking systems. When the as-is study is complete, a detailed gap analysis should be developed.
A detailed gap analysis should be developed at the end of the project after the as-is study is completed; however it is very important that major gaps are identified and communicated as soon as possible.
When gaps are identified, the project architect should assist in proposing possible solutions together with other project members, stakeholders and domain architects.
• Gather information from multiple sources about all test environments in a structured way
• Actively work with domain architects to document environments that aren’t documented today.
• Investigate how a long-term solution for keeping information such as the one gathered in the as-is study available and updated could be designed, and if one is needed
• Develop the detailed gap analysis
• Help describe the way forward, how should our test environments be set up to be useful and GDPR-compliant at the same time?
• Proposing possible solutions to close gaps
• Work with domain architects to help find the best solution for identified gaps.
• Support other activities within the project where applicable
Experience, knowledge:
• Good general knowledge of IT systems used in the bank preferable
• Experience in GDPR, data architecture, test data, or other data base experience.
• Good communication skills, especially in English. Swedish is a plus.