Compliance & Data Governance Glossary

Understanding Regulatory Landscape

Each regulation has different requirements, penalties, and scope. GDPR can fine up to 4% of global revenue. PCI-DSS non-compliance can result in losing credit card processing abilities. We must understand what each regulation demands before we can build a compliant glossary. Think of regulations as business requirements that happen to be legally mandated.

  • GDPR: Broadest scope, strictest penalties, applies globally if you have EU customers

  • PCI-DSS: Required for any credit card processing

  • CCPA: Growing trend, other states following California's lead

  • SOX: Public company requirement, affects financial data

  • HIPAA excluded: AdventureWorks doesn't handle health data

Regulation | Scope                | Key Requirements                            | Data Impact
-----------|----------------------|---------------------------------------------|--------------------------
GDPR       | EU citizens' data    | Consent, right to erasure, data portability | Names, emails, addresses
PCI-DSS    | Payment card data    | Encryption, access control, monitoring      | Credit card numbers
CCPA       | California residents | Disclosure, opt-out, deletion rights        | Personal information
SOX        | Financial reporting  | Accuracy, audit trails, internal controls   | Financial records
HIPAA      | Health information   | (Not applicable to AdventureWorks)          | N/A

  1. Go back to Data Discovery and take a look at: PII Assessment

  2. Review the following tables:

We can't protect what we don't know about. This systematic scan identifies all potentially sensitive data. We're looking for anything that could identify a person, reveal financial information, or be used for identity theft. This is like taking an inventory before implementing security measures:

  • Person.Person (names, demographics)

  • Person.EmailAddress (contact info)

  • Person.PersonPhone (phone numbers)

  • Person.Address (physical locations)

  • Sales.CreditCard (payment data)

  • HumanResources.Employee (SSN, birth dates)

  3. Ask the following questions to help define a Risk Assessment Matrix:

Critical Questions:

  1. What data could identify an individual?

  2. What data requires encryption?

  3. What data has retention limits?

  4. What data needs access controls?
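The following is an added example, not part of the original page, that turns the table review and the four questions above into a column-level inventory: a T-SQL query against INFORMATION_SCHEMA.COLUMNS that lists every column in the six AdventureWorks tables and tags it with a data class, the regulation it falls under and the control it needs. The column-name patterns and the control wording are assumptions to adjust to your own schema and policy.

```sql
-- Added example (not from the original page). Run against the AdventureWorks
-- sample database on SQL Server. Column-name patterns are assumptions; a
-- column that matches none of them is listed as 'Unclassified' so it is
-- reviewed by hand rather than silently dropped from the inventory.
WITH scoped AS (
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME, c.DATA_TYPE
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    WHERE c.TABLE_SCHEMA + '.' + c.TABLE_NAME IN (
        'Person.Person', 'Person.EmailAddress', 'Person.PersonPhone',
        'Person.Address', 'Sales.CreditCard', 'HumanResources.Employee')
),
classified AS (
    SELECT s.TABLE_SCHEMA, s.TABLE_NAME, s.COLUMN_NAME, s.DATA_TYPE,
        CASE
            WHEN s.COLUMN_NAME LIKE '%CardNumber%'  THEN 'Payment card data'
            WHEN s.COLUMN_NAME LIKE '%NationalID%'  THEN 'Government identifier'
            WHEN s.COLUMN_NAME LIKE '%Email%'       THEN 'Contact info'
            WHEN s.COLUMN_NAME LIKE '%Phone%'       THEN 'Contact info'
            WHEN s.COLUMN_NAME LIKE '%BirthDate%'   THEN 'Demographic'
            WHEN s.COLUMN_NAME IN ('FirstName', 'MiddleName', 'LastName')
                                                    THEN 'Direct identifier'
            WHEN s.COLUMN_NAME LIKE 'AddressLine%'
              OR s.COLUMN_NAME IN ('City', 'PostalCode')
                                                    THEN 'Physical location'
            ELSE 'Unclassified'
        END AS data_class
    FROM scoped AS s
)
SELECT
    TABLE_SCHEMA + '.' + TABLE_NAME AS [table],
    COLUMN_NAME,
    DATA_TYPE,
    data_class,
    -- Question 1 & 3/4: which regulation drives the retention and access rules
    CASE data_class
        WHEN 'Payment card data' THEN 'PCI-DSS'
        WHEN 'Unclassified'      THEN 'Review'
        ELSE 'GDPR / CCPA'
    END AS regulation,
    -- Question 2 & 4: what control the classification implies
    CASE data_class
        WHEN 'Payment card data'     THEN 'Encrypt at rest, restrict access, audit reads'
        WHEN 'Government identifier' THEN 'Encrypt at rest, restrict access'
        WHEN 'Unclassified'          THEN 'Manual review'
        ELSE 'Access control, honor erasure and opt-out requests'
    END AS required_control
FROM classified
ORDER BY [table], COLUMN_NAME;
```

The result set is the first draft of the Risk Assessment Matrix; rows tagged 'Unclassified' are the ones the four critical questions still have to be asked about.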
