To become compliant with the European Union’s new General Data Protection Regulation (GDPR), Telia Estonia, a branch of a major telecom company in the Nordics, had to undergo changes in its business processes, organizational practices and IT infrastructure. Nortal helped Telia through several stages of that complex and lengthy journey.
Telia is not alone — GDPR will make life significantly more complicated for all the companies that process any kind of personal data on the residents of the union.
On its road to GDPR compliance, Telia Estonia faced several challenges. GDPR gives customers the right to demand information on what kinds of data companies have collected about them, order the companies to delete the data, or set restrictions on which data can be processed.
As a major telecom company, Telia has several hundred different information systems, many containing personal information, and all of these produce log files. The problem was that all these log files were scattered over different servers, making it very time consuming to find specific events in the logs and the staff had to go through the systems manually.
Recognizing the seriousness of the challenge early on, Telia set out to find a partner who could automate the process and more broadly bring all data and business practices in line with the regulation.
Nortal analysts, data scientists, Big Data developers, and testers worked for 18 months, providing a set of solutions for Telia’s GDPR compliance. Starting with analyzing and mapping the business processes, they then identified and classified personal information and data retention times. Collecting all the information from the system logs, Nortal built a data lake that is capable of discovering data breaches, customer transactions and events where customer information has been accessed, ultimately creating a new, centralized analytical environment and capabilities. Nortal went through all the logs in Telia’s different environments and identified the types of data the company had about their customers and how these were stored.
With the data lake solution, all the log files are now stored with proper retention times, enabling quick and easy searches and analytics throughout different information system datasets. According to the GDPR, a company has 72 hours to report a data breach, should such a thing happen. In order to do that, a company must be capable of identifying the leak or misuse of data.
The work Nortal did for Telia is part of a wider solution that helps the company detect data leaks and breaches. It is a tool that makes life easier for the Data Protection Officer (DPO) that the GDPR requires larger companies to hire.
Eva Jakunin worked as Head of Risk Management and Country Security at Telia Estonia during the project. She says the big data project Nortal conducted in Telia was extensive, and aimed at solving different types of business tasks and classifying different types of data.
“For example, Nortal identified and classified different sets of personal data, created a preparedness to identify possible data breaches, and among other things created a data lake,” Jakunin said. “This project helped Telia grow significantly and the experience cannot be underrated. Telia can confirm that Nortal is a highly competent partner when it comes to Big Data. Plus the project management they offer is highly professional.”
Get your data in order
Today, Nortal offers a new, comprehensive tool for data governance. It provides an overview of the all data an organization has and creates a fully fact-based data map. Read more about DeepScan or how you can turn your GDPR compliance costs into a new business model.
Artur Assor, Nortal’s Head of Data Protection, has been praised for his ability for seeing the bigger picture and communicating a vision, while at the same time having the capacity to take big projects through change. With more than ten years of experience in the tech industry, he is passionate about finding new ways to take full advantage of the data organizations collect and store. To go into more detail about data protection and data governance, get in touch with him via email.
Thank you for filling in the form. Your request for a meeting with our specialists has been received. We will contact you shortly to setup the meeting.
If you liked this case study, it’s also available for download.