Achieving Basel III compliance: A 3-Step action plan

Basel III is changing – are you prepared?

New reforms target the recalculation of risk-weighted assets and limiting banks’ use of internal models for risk estimation in setting minimum capital requirements. Systemically important banks face heightened stress testing and risk data requirements, while expanded reporting rules and risk assessments present new challenges for regional players. 

This presents big challenges:

  • Manual processing leads to errors, wasting valuable time. 
  • Complex processes and data silos hinder collaboration and visibility. 
  • Expanding data volumes strain legacy systems, while new attributes are often unavailable or require substantial effort to source. 

While the challenges may appear daunting, they don’t have to be. With Solidatus, you can achieve full compliance and more in three simple steps.

By combining technical data lineage with business context we connect your data to the processes that create it, to the policies that guide it, and to the obligations that regulate it. The result is a ‘live’ enterprise data blueprint that clearly illustrates the impact of Basel III on every layer of your organization.

3 simple steps to achieving full compliance

Solidatus in action: Technology demonstration

Watch a short video or download our factsheet to learn how a Solidatus user can tackle regulations like Basel III head-on.

Move enables data practitioners to view Corlytics’ digitized regulatory content in the context of their own data and systems, helping them assess likely impacts and plan for change

London and Houston, 15th March. Solidatus, a data management solution that empowers organizations to connect and visualize their data relationships, and Corlytics, a supplier of regulatory risk intelligence that combines innovative technology with deep legal and industry expertise, have today announced an ambitious partnership. That partnership will empower users who are customers of both companies to map regulations from across the globe to their entire data estates, matching them with their systems, policies, processes and people.

The combined solution sees digitized regulatory content from Corlytics automatically pulled into Solidatus regulatory data catalogs and linked to data lineage models where they can be mapped to companies’ processes, policies, controls and systems. This will enable better-informed decisions and allow firms to show that they’re compliant.

Corlytics Founder and CEO, John Byrne said: “This brings huge synergies to the day-to-day work of data practitioners. Combining the added value of Corlytics’ content with Solidatus’ lineage models across firms’ IT infrastructures gives users the unique ability to map their compliance with regulations holistically, tracing lineage across all internal control systems. This means they can more easily identify the impact of regulatory change and demonstrate full compliance with regulations, ultimately delivering ‘front-to-back’ compliance.”

Solidatus CEO and Co-Founder, Philip Dutton said: “Increasing rapid change in the regulatory landscape places exponential pressure on data governance and compliance practitioners. It also forces organizations in heavily regulated industries to spend a disproportionate ratio of funds on regulation and fine avoidance, which in turn strangles their innovation and agility. Our partnership with Corlytics provides end-to-end transparency from regulatory obligation, through implementation to regulatory evidence. It enables automatic and instantaneous impact assessment of regulatory change on an organization, streamlining compliance processes and accelerated execution all the while providing an immutable record of compliance.”

You can read more about what this means for data practitioners in this new blog post: How combining software platforms can help ensure your regulatory compliance.

– Ends –

For more information please contact:

Solidatus press office

Corlytics press office

Elaine Mullan at elaine.mullan@corlytics.com

About Solidatus

Solidatus is an innovative data management solution that empowers organizations to connect and visualize their data relationships, simplifying how they identify, access, and understand them. With a sustainable data foundation in place, data-rich enterprises can meet regulatory requirements, drive digital transformation, capture business insights, and make better, less risky and more informed data-driven decisions. We provide solutions to several key areas of endeavor, including: governance and regulatory compliance; data risk and controls; business integration; environment, social, governance (ESG); and data sharing. Our clients and investors include top-tier global financial services brands such as Citi and HSBC, healthcare, and retail organizations as well as government institutions.

www.solidatus.com

About Corlytics

Corlytics structures, rates and visualises regulation.

To be able to action and provide assurance on never-ending regulatory change requires firms to know what’s relevant, where to focus and what’s emerging. That’s where Corlytics is helping compliance, risk, legal and audit teams globally. We monitor, assess, map and align regulatory changes in order to alert relevant areas of the business. We take a risk-based approach to prioritising developments and predicting what’s ahead.

We combine innovative technology with deep legal and industry expertise. Our data science technology combines supervised statistical learning methods with novel linguistic feature engineering techniques using natural language processing.

www.corlytics.com

The regulatory landscape for financial firms is complex and subject to increasingly faster rates of change. This can be seen in the graphic below, which shows the ESG disclosure landscape for banks and capital markets in Europe – and this is just part of the regulatory burdens falling on firms.

In addition to meeting each reporting requirement in these regulations, companies also need to demonstrate that they:

  • Understand the requirements of the regulations;
  • Understand and have control over their regulatory submissions;
  • Use reliable and comprehensive data; and
  • Report consistently and reliably across their business and reporting submissions.

Source AFME, ‘ESG Disclosure Landscape for Banks and Capital Markets in Europe’, Page 11 (PDF)

In problem-solving, it’s said that two heads are better than one, and the same is often true of the technology that simplifies our lives. We at Solidatus are big believers in the value that partnerships bring to our shared clients. And so it is with keeping track of regulatory changes, how they affect your data and systems, and what decisions and actions you need to take in relation to them.

In that vein, today Solidatus announced a partnership with Corlytics to provide customers with a unique and essential tool that allows firms to:

  • Understand the changes in regulations in detail, quickly and easily; and
  • Demonstrate they are in full compliance with their detailed requirements.

Corlytics is the world’s leading provider of regulatory risk intelligence to enable organizations to take a data-driven approach to regulatory resource allocation. As part of this, Corlytics provides a regulation and law library that stores regulatory content as a fully digital set of obligations in a single location. Corlytics also ensures these digitized regulations are up to date. 

Combining the Corlytics digitized regulations service with the visualization and lineage capability of Solidatus gives clients the unique ability to have a visual, easy-to-use view of regulations that’s focused and shared across the organization.

What does this mean for clients?

Clients can use the combined power of Corlytics and Solidatus to:

  • Identify the impact of regulatory change; and
  • Demonstrate full compliance with regulations – ‘front-to-back compliance’.

In conclusion to this short blog post, we’ll take a look at what improvements in these two areas mean for practitioners engaged in being compliant and demonstrating this compliance.

Regulatory impact assessment

Using this web-based visualization, the drill-down and workflow capabilities of Solidatus mean firms can review up-to-date regulations and regulation changes, and:

  • Share the latest versions and understanding across the firm based on the business area and need;
  • Focus in on changes in the regulatory texts to highlight impacts; and
  • Reduce the dependency on key regulatory compliance experts.

Sharing specific views of regulatory changes will also help front-office staff understand the impact of changes and enable the front office to take advantage of business opportunities that arise, ahead of competitors.

Front-to-back compliance

Combining the added value of Corlytics content with lineage models across the IT infrastructure of the firm gives firms the unique ability to map their complete compliance with regulations by:

  • Mapping regulatory texts from Corlytics;
  • Aligning them to the lineage across all bank systems in scope; and
  • Linking them to their detailed submissions.

In addition, firms can use this understanding to start to standardize and reuse compliance assets to improve the consistency and efficiency of their reporting across regulations and regulators.

These two use cases highlight the unique value of combining the digitized context from Corlytics with the visualization and lineage within Solidatus, and we look forward to developing further valued services with Corlytics going forward.

Authored by the Solidatus team: simply the best data lineage.

On 28th May 2018, the General Data Protection Regulation (GDPR) changed the data privacy landscape forever. What organisations sometimes missed when the regulation came into force was that GDPR should not have been viewed as a burden or to have been treated as a tick-box exercise.

It was an opportunity to extract mandatory regulatory budget and use it to elevate and transform organisations’ data capabilities. Turning the 4% of the global turnover stick into the carrot to lead the organisations’ data journeys forward.

What GDPR did was usher in a new era for the protection of personal data from organisations misusing it. A regulation that had the teeth to make organisations take pause and assess their management of personal data, its use, access, location and purpose. Unfortunately, although they achieved compliance, it became a tick-box exercise for some organisations: at worst, assembling Excel sheets with locations of data, assigning data owners, Data Protection Impact Assessments (DPIA) scores, etc; at best, their approach was to deliver compliance by combining data governance software with changing policy and legal documents to get the seal of approval from either internal legal or audit teams and/or an external consultancy that they were GDPR-compliant. Neither of these approaches addressed the clear need for an ideological and cultural shift towards data and its management that needs to occur.

The important point was that with GDPR setting the bar so high, other jurisdictions had no choice but to follow and to raise the bar higher and higher. For organisations with multi-jurisdictional exposure, because of the regulatory-isolated, non-re-usable, narrow-focused methodologies employed, the cost and effort required to implement each regulation is similar. So, if it cost $10M to implement GDPR, then it will be a similar cost to implement each of the California Consumer Protection Act (CCPA), Brazilian General Data Protection Law (LGPD), Personal Data Protection Act 2012 (PDPA), New York Privacy Act, India Data Protection, and Malta Data Protection, among others. With thousands of companies implementing all of the same regulations, in the same way, the cost to business innovation is eye-wateringly high at over $10B on GDPR alone. Not to mention the continued additional burden of data protection and governance, with whole departments focused on controlling/limiting access rather than enabling.

The principles of data privacy that GDPR and subsequent regulations demand shouldn’t be considered as a differentiating factor for clients when choosing a provider; they should be the minimum level of expectation. Much the same way that the minimum level of expectation on a physical structure such as a building or bridge is that it will not fail and severely impact its user. Now, civil engineers have had centuries to evolve their discipline into the formalised, well planned, well understood, well documented and well structured endeavour that it is today. Software engineering is in its infancy by comparison, rapidly evolving but lacking much of the formalised, planned, understood, standards and structures that are required to support the principle of Privacy by Default and by Design.

There’s a strong argument that organisations should have taken a more engineered approach to data protection, one that was considered an opportunity to understand an organisation’s data, processes and actors (its people), with each component not viewed in isolation, but as an element of a larger ecosystem. Because in reality, this was an opportunity for re-use, with the continual improvement of data, processes and policies, culminating in a knowledge graph or organisational data blueprint that enables the storage and contextual access of both explicit and tacit knowledge.

For multi-jurisdictional organisations, the impact of having to be compliant with not one complex and onerous privacy regulation but up to one hundred, becomes an innovation and organisational crippling cost. However, all of the privacy regulations contain a significant amount of similarity, and so when addressed by re-use-focused methodology and tooling, the cost of compliance is significantly reduced with each new regulation that is implemented. Only the delta of difference between the regulations needs to be modelled and impact assessed anew. The organisation builds up a cumulative common taxonomy that describes all of the data privacy requirements and their impacts on the business in terms of processes and data.

Solidatus provides organisations with a solution that allows you to fundamentally redesign your organisational data culture and capabilities. It provides for the creation of a holistic organisation-wide digital map that details all of the relationships that interact with its data and their impacts – including the physical location of data, its classification, its purpose, its access rights, its retention requirements, its interaction with processes and policies, its quality, and so on. It also enables the internal map to be aligned to the external regulations, allowing users to view connectivity and impact from any focal point and through any lens. If GDPR changes, how will those changes affect my organisation and its compliance? If my processes, systems or policies change, how will that affect my ability to remain compliant? Solidatus implements a methodology that is an evolutionary leap forward in data management, shifting the dial from reactive to proactive. “Planned Change” – checking the plan before removing a wall, updating the plan and removing the wall if it is safe to do so, rather than “Captured Change” – removing a wall and updating the plan, no checks on the impact of that change. All held within a quick and simple to use, extendable, scaleable, audited, governed and versioned graph repository.

If there’s one thing I’ve learned in my 20 years of engineering software and managing data in large heterogeneous, distributed development ecosystems, it’s that technology is rarely the problem, though it’s often blamed for failings. The real challenge we face is understanding and aligning methodologies, capabilities, technology, processes, policies and people in order to build trust in our data. And this is why Solidatus was born.

From 29 – 30 September, A-Team Insight brought together the US data management community to explore the latest challenges, opportunities and data innovations facing sell side and buy side financial institutions.

On day two of the event, Solidatus Co-CEO, Philip Dutton, joined data experts Dennis Slaterry from EDMworks, Andrew Foster from Deutsche Bank, Olga Maydanchik from Voya Financial and Harpreet Singh from Luxoft on a panel titled: “The power of data lineage to deliver compliance and business insight”. A wide range of key challenges were covered from managing ever increasing data volumes to the mainstream adoption of cloud.

The panel started with each member stating their definitions of data lineage, with Philip adding an important point: the power of lineage transcends technical flows.

As a panel, we’re trying to educate the community that lineage enables a lot more than just the technical pipes where the data flows – it brings in huge amounts of impact analysis and transformational change to an organisation. There is an additional layer of value which can be utilised when we start to think about lineage in a different way than just the purely technical sense.

The term automation means many things to many people – Philip believed that its definitions in the market are misguided.

Unfortunately, automation takes time, it takes understanding, and it takes a lot of effort. It really comes down to the ‘why’ – what’s the value that we’re generating? The state of automation that most people are looking to achieve is if a system changes, tell me about it. The problem in global investment banks and complex organisations is that if you’re hearing about a change after it’s happened in production, you’ve got a bigger problem in the organisation. We need to move away from this reactive approach to a more proactive lineage approach – we should be thinking about planning and execution, with the automation as the validation that what we’ve done is what we plan to do.

The creation and retention of data has increased exponentially in recent years, with a growing remote workforce catalysing the production and addition of more cloud applications to companies’ data landscapes. Philip made the point that the journey to the cloud is like any other transformational change companies enact.

You need to know where you’re starting from and where you want to end up – an organisation looks at their current state on-premise and plans to move these elements into the cloud, and typically, people don’t pick up their whole organisation and start moving all the data into the cloud at once; it’s this journey that takes time and part of that is designing a cloud migration strategy to ensure you don’t breach regulations like cross-border data sharing, or that you sufficiently structure the migration so you’re not moving huge volumes of data up to the cloud and then back down into on-prem, generating huge costs. Lineage allows us to simulate what that future state of an organisation looks like while remaining in the safety of a confined space.

Before the session ended, the panel discussed the relevance of AI and machine learning within metadata management – Philip observed that much of what the vendors are pushing in the market is overhyped mainly because we work in metadata, and not data. The record sets for metadata management are so shallow that you can never train an AI to really deal with it. When you’re working with the actual underlying data and trying to infer lineage based on that data, there’s a much better case for using an AI or an ML – it’s important to understand the distinction between the two.

Solidatus for the cloud – Migrate, Optimise and Transform

Businesses are turning to the cloud for reliability, scalability, flexibility and consistent processing – but, with great transformation comes complexity and risk. With Solidatus, prepare your migration strategy by identifying mission–critical data and eliminating redundant information – enrich this data with current regulations, service agreements and business intelligence allowing for in-depth impact analysis before each asset is moved into the cloud.

In this Q&A with EM360, our CEO Philip Dutton sat down to discuss what makes Solidatus different to other data privacy solutions on the market, how we’re helping organisations reduce costs, and what organisations can do to stay ahead of the curve when it comes to data privacy. Read the full Q&A below.

Data privacy is a global requirement. From GDPR (EU) to CCPA (California) and PDPA (Singapore), there are now more privacy laws than ever before, with many still yet to be discussed and enforced. Although a necessary movement, multinational companies are, consequently, struggling to keep up with compliance, with the sheer volume of regulations becoming increasingly daunting. On top of this, business leaders must also stay in the know about emerging technologies, as new advances in areas/fields such as Artificial Intelligence have already been flagged as a threat to privacy. So, what can organisations do to ensure they are on top of data privacy and its associated critical challenges? 

In this week’s Q&A, we sat down with Philip Dutton, Co-CEO and Co-Founder of Solidatus, to find out how their compliance tool is helping the enterprise to tackle data privacy. Solidatus is an innovative data management technology company, empowering organizations to unlock the true business value behind their data. Born out of the recognition of a consistent pattern of data management problems, the company works to digitally transform organisations, empowering them to be data-centric and lineage-enabled, and simplifying their adherence to privacy laws. 

What is Solidatus’ ‘regulatory lineage’ solution and how does it compare to other compliance tools on the market in terms of its key features and/or USP(s)?

Solidatus helps organisations simplify their adherence to privacy laws by empowering clients to map the flow of relevant data through their organisation, visualising the mapping against their people, processes and regulatory needs. This demonstrates the impact of data privacy regulations in context and allows for insights that are only possible when all the information is available. This complete transparency is critical to ensuring that data required for regulatory compliance is identified, accurate and complete – and is being used appropriately per data privacy requirements.

Solidatus is the only product that can be used to cover all global regulations. It is rapid, agile, scalable and can show common regulations, indicating the delta where there are differing regulations for each region/country. Collectively, this massively reduces the cost of regulatory compliance for multijurisdictional organisations. 

Research reveals that by 2022, companies worldwide are likely to spend over £5 billion on compliance tooling. In what ways does Solidatus’ approach to data privacy address regulatory spending and the financial challenges that come with it? 

Companies now invest vast sums of money to prove they are in compliance, and organisations with multi-jurisdictional exposure need to meet a profusion of regulations simultaneously. Those that lack complete understanding of their data landscape are forced to re-spend and thereby waste regulatory budgets.

Solidatus delivers a high degree of efficiency, reusability and scalability as the world’s regulatory and data privacy requirements change and expand. Once data items and their metadata are identified, catalogued and modelled, they can be easily mapped to multiple compliance requirements.

Essentially, Solidatus creates one scalable compliance framework that helps organisations proactively address multiple regulations. This reduces the high cost of managing multiple compliance solutions, and reduces the risk and costs of non-compliance.

Solidatus prides itself on being proactive, rather than reactive, when it comes to compliance. How is this achieved and why is it so important to the company?

Solidatus has a strong track record of delivering the tools needed to rapidly build the major compliance data models. This means that businesses can implement the model and map their data to the reporting requirements well before their first deadline. Our clients’ reputation and reporting success is paramount to our success as a business.

Over 128 countries have data privacy laws, resulting in companies with multi-jurisdictional exposure being overwhelmed. Is Solidatus’ compliance tool the key to tackling this issue?

Yes! Solidatus is made to simplify data complexity and workflow – in this case, overlapping yet differing data privacy requirements. Getting compliance right also means breaking down legacy organisational silos, ensuring there is transparency across systems, people and processes. This is key to capturing all the necessary data required, understanding how data flows, and tracking and reporting exactly how it is used. Our lineage technology maps the data to each privacy law requirement, and is the only product to cover all global data protection regulations.  

Can you give us a case study example that exemplifies how Solidatus is helping organisations to unlock the true value of data privacy and simplify their adherence to privacy laws? 

We helped a global investment bank automate compliant, cross-border data sharing. With over 40 million customers, and operating in 64 countries and territories, they had struggled to share data efficiently across the organization due to regulatory complexity and burdensome manual processes. In under six months of using Solidatus, the bank automated data sharing workflows enabling real-time, auditable and compliant data access for all users. By enabling rapid time to data access and reducing the management overhead, it is estimated that the bank has saved $70 Million to date through utilising our product.

Working with Solidatus, the bank unlocked greater business value from data that had been tied up in complex processes. With streamlined and automated data sharing processes, the bank’s data users are saving time, lowering costs and reducing compliance risk, all while delivering results faster and more accurately.

In a recent article titled ‘In a changing world, it pays to be prepared’, you write that ‘privacy requires agility’. Where do you see the future of data privacy following the emergence of the pandemic and how can organisations stay ahead of the curve?

There are more data privacy laws expected to be passed, and the existing ones will see increased enforcement and fines; the global data privacy regime will only grow in complexity, putting greater risk on organisations around the world – this is why agility and scalability are so crucial. Companies that had a data privacy solution already in place before the pandemic were more prepared to handle the new challenges of managing sensitive data while their working behaviours changed.

Going forward, data privacy solutions will need to continue to be highly scalable. Companies will be subject to a growing set of laws during a period where many business models evolve post-pandemic, complicating matters further. Businesses need a holistic approach to manage their data to meet multiple data privacy laws, while minimising the costs and the risk of deep fines. With Solidatus, compliance expenditure isn’t narrowly constrained and can, instead, be transformative – an opportunity to elevate and transform a business’ data capabilities.

Get a free trial

Get a free trial and see how you can bring simplification to your challenges around metadata management, data governance, and demonstrating regulatory compliance.

“Vietnam is poised to pass a new decree that will bring the nation into line with its peers across APAC and internationally when it comes to personal data protection – and it’s providing a new impetus for businesses to look again at enhancing their data management.”

As Vietnam prepares to move into the next phase of its Data Privacy legislation, Solidatus Head of APAC John Berven sat down with Asean Tech&Sec to discuss the upcoming implementation of PDPA (Personal Data Protection Act) and how ready businesses really are when it comes to their own data and compliance requirements.

Reflecting on a number of high-profile data security breaches in the recent years, John comments: “Large-scale breaches of personal data continued in 2020, with a devastating data leak affecting more than 80,000 customers, and possibly staff, at Vietnamese health technology firm, Innovative Solution for Healthcare (iSofH) (see report). It is also believed that an additional cyberattack removed an unknown number of records.”

But with the new PDPA, these breaches should hopefully be a thing of the past. But how can businesses prepare to ensure they are compliant with the decree’s storage and processing of personal data? And, more importantly, how can a tool like Solidatus enable organisations to map the flow of its data, allowing for full transparency on how it can be used?

Read John’s insights on this new stage of data protection and privacy in Vietnam to find out more:

Vietnam is about to enter a new data protection era – are businesses ready?

Solidatus for PDPA in APAC

By using Solidatus, an organisation gains invaluable insight into its data landscape. Our product enables users to visualise and analyse lineage showing what type of data they have and how it moves through their systems. It is impossible for senior management to be completely confident that the organisation is not inadvertently contravening some aspect of PDPA without this, leaving them open to enforcement and reputational risks.  

Solidatus plays a vital role in PDPA by:  

  • mapping the flow of data within an organisation 
  • allowing for full transparency on how it is used and by whom 
  • laying the groundwork should regulators ever ask a business to prove their compliance 

Solidatus helps to build a digital dashboard which shows managers how personal data is being used and where it is stored. By understanding the flow and location of data, this provides demonstrable compliance with cloud storage regulations, the Right to Access and Correction, in addition to both Do Not Call (DNC) and National Registration Identification Card (NRIC) legislation.

Organisations need a tool to help them identify required consent and ensure that the use of personal data within their firm is purposeful, appropriate and reasonable. Solidatus provides these essential elements to comply with PDPA.

“The only way that complex multi-nationals can ensure their compliance is by keeping up with these continual updates to data privacy rules. In order to prepare for any legislative checks on their compliance, firms need to ensure a flexible and innovative approach to operational data management which can be called on to give a comprehensive picture at any time.”

Solidatus Head of APAC John Berven writes for Regulation Asia, taking a look at the upcoming implementation of PDPA in Vietnam and how organisations need to take a data-first approach to international regulation in order to be prepared.

Businesses that have already implemented measures in preparation for other data privacy regulations such as GDPR and LGPD, will have the advantage of having either met – or in some cases exceeded – the new guidelines in Vietnam.

But achieving this compliance is no small feat, and firms need to ensure their approach to data management is holistic, transparent and flexible. Digital transformation is key in giving a comprehensive view of data privacy.

To find out more, read John’s insights for Regulation Asia, “Vietnam’s Data Privacy Decree: the Tip of the Global Compliance Iceberg”.

The FIMA Europe Research Report provides a unique insight into prevailing attitudes to data management among senior financial executives charged with delivering it within their enterprises. These senior executives are personally liable for their areas of responsibility and could face fines or even imprisonment in the event of major failings at their organisations. 

Risk data aggregation standards have been set globally through BCBS 239, and any bank that asserts itself “BCBS 239 compliant” can no longer claim that it was unaware of a dangerous accumulation of risk, or that it could not have acted sufficiently quickly to offset risks, even in periods of extreme market stress. Various regulators of major financial jurisdictions have addressed the matter of personal accountability: the UK with the Senior Managers and Certification Regime (SMCR), Ireland with the Senior Executive Accountability Regime, and within the EU these responsibilities are covered variously by, among others, CRD IV, MiFID II and the EBA/ESMA Suitability Guidelines.  

With so much personally at stake, one would expect the respondents to the FIMA report to ensure that the data for which they are responsible is fit for purpose. Answers to some of the questions, however, suggest that there may still be shortcomings in how organisations are approaching this issue. For example, in response to the question “How do you understand your data in context to anticipate and predict potential risk?”, 40% of respondents gave answers that relied on automation or the use of algorithms, but only around 10% could provide any description of the processes that they employed, and none of the answers addressed the contextual aspect of the question. Just as in grade 8 algebra, where only 50% of the marks are allocated to the answer, providing the answer alone is no longer acceptable. Regulators are now demanding that organisations show their workings to prove compliance.

Similarly, in reply to the question “What is your greatest challenge to access the right data and insights to improve customer experience?” 40% replied “I don’t know where to go to for this information.” Answers like these reveal that there is a significant proportion of senior data management professionals who, while aware that the systems for whose data they are ultimately responsible are automated, are not being provided with the necessary information to understand how or where that data is stored. Without that comprehensive understanding of their data landscape, it is difficult to prove convincingly that automation is indeed delivering what it is supposed to achieve, or working in the manner it is believed to be. In addition, planning the most cost-effective upgrade path, determining how to approach migration to the cloud, or assessing the consequences of decommissioning aging and unreliable systems becomes unnecessarily costly, difficult, and burdened with risk.

Built by practitioners with a deep understanding of modern data challenges, Solidatus enables organisations to achieve automation with unprecedented levels of reliability, because it is built upon a solid foundation of organisation-wide understanding. With a ground-breaking lineage-first approach, Solidatus provides comprehension and consistency across entire organisations – allowing them to optimise, govern, regulate and achieve transformation with total confidence.  

We witnessed the fallout from inadequate data management with the global financial crisis of 2007-2008, when the consequences of banks’ actions could not be seen clearly by the banks themselves until it was too late. The tools they used for data management were not up to the challenge of informing decision-makers adequately. Today, Solidatus can provide levels of insight that enable risk to be managed proactively and in real time. The only effective protection against another financial crisis is a complete understanding of the data, visualised and made available to the right people at the right time. It would be a double catastrophe were another crisis to occur that could have been avoided had levels of data management across the industry been optimised, rather than the industry succumbing to the false security of poorly comprehended automation.


Vietnam’s upcoming implementation of a Personal Data Protection Act (PDPA) aligns it regionally and globally with the accelerating trend of data privacy legislation. A consistent theme is that it, along with other regional legislation, broadly aligns with standards in other global legislation – in this case, the EU’s GDPR.

The second draft was released by the Ministry for Public Security (MPS) in February 2021 and the second Draft Decree’s sourcing of public opinion concluded on 9 April 2021. While most decrees in Vietnam implement a specific law, the PDP Draft Decree does not, and will require a more stringent process for adoption, including review and approval by the National Assembly.

This updated draft has a more robust set of rules regulating specific rights of data subjects, cross-border transfer of data, and processing of sensitive personal data. Non-compliance may subject stakeholders to temporary suspension of operation, and/or revocation of permission for cross-border data transfer in addition to monetary fines.


Key takeaways include:

  • Coverage is broad – subjects include all agencies, organisations and individuals that engage in activities relating to personal data.
  • De-identification and anonymisation are introduced to protect identities, which will require robust data governance, as will requirements related to verifying the age and establishing parental consent prior to processing a child’s personal data.
  • Heavy licensing requirements are mandated for the processing of sensitive personal data and for the transfer of personal data out of Vietnam.
  • A local copy of the data is mandated, as is the 3-year storage of cross-border transfer records for personal data.
  • The MPS will run an annual audit of Data Processors involved in transferring personal data out of the country.
  • Data Processors run a high risk of administrative fines, which can go up to 5% of total revenue.

The growth of our data, and the focus on the way it is handled, will continue to accelerate, as will the sanctions for breaches. Given this, understanding the location of data and creating an operational blueprint of your organisation’s data is more critical than ever. Building out this blueprint can then be leveraged as an investment in your business. Knowing what data is held – and where it is held – enables better and more accurate deployment of data for business insights, ensuring actionable intelligence is generated in both an optimal and compliant way. Companies can be confident that they know where an individual’s data resides so that they can be compliant with requests that relate to it. This operational blueprint provides a competitive advantage: organisations can ensure optimal data sources are used to derive actionable insights, and better use of data intelligence drives revenue acceleration. Further applying this blueprint to data governance and transformation substantially reduces their costs.

Solidatus is uniquely placed not just to enhance compliance, but also to turn compliance into an operational blueprint that can optimise data governance while reducing transformation risk and costs and driving efficiency.
