 Live from Las Vegas. It's theCUBE. Covering Informatica World 2018. brought to you by Informatica. Hey, welcome back everyone. It's theCUBE's exclusive coverage here at the Venetian. Live in Las Vegas, CUBE coverage. I'm John Furrier, the co-host of theCUBE with Peter Burris. My co-host for the next two days of wall-to-wall coverage. Our next guest is Andrew Josz, the head of solutions and data governance for Europe, Middle East and Africa and Latin America for Informatica. Great to have you on. Thanks for joining us. Thank you. I could not stop waiting for this question because you're in EMEA, Europe, Middle East and Europe. GDPR is kicking in this Friday. Absolutely. So we're in May 2018, the big release of the law that kicks into place for GDPR in effect. Two things, what's the mood and what does it mean? I mean, it's a shot across the bow of the industry. We know what it means for people, but what's the impact of this? What's going on? I think we're seeing a couple of different levels. I think at a very individual level, I think the awareness of what GDPR potentially means for people, I think we're starting to feel that as individuals in EMEA. We're seeing increasingly organizations reaching out to us. We want permission to use your information or consent as it's called in GDPR. Your customers of ours, here's our new privacy policy. We see lots of this and it's happening from lots of different organizations that we work with. So I think people are starting to see it and feel it. It's starting to feel like it's real now, not just something we've been talking about for a long period of time. But I think also in terms of potentially what the impact of this will be, that I think all organizations are starting to look at kind of some of the major tenants that sit underneath GDPR, how are they going to address those and what does that mean for the data subjects? And people like me, for example, I'm a data subject, what does it all mean for me? And I think- As an individual, you have data rights. Absolutely. The concern I have, I had a big rant on Facebook, it was good conversation, but here's the thing. It's like when laws came out, like Sarbanes-Oxley, when you go public, you're ready to go public, you have all the infrastructure to comply with all those regulations. A lot of people aren't prepared for GDPR because they might not even know where their data is. What's the format? What's the scheme of? They don't have mechanisms in place because there's IT legacy involved. I mean, GDPR, great on paper. Everyone's got their own rights. Sounds good, you know? But when you have to get under the hood and saying, hey, enterprise, you know that stuff you've been putting in drives in the storage administrator quit 10 years ago and you don't know what's going on? And guess what? You're now liable. Major issue. People are scared. So this is a problem. How can someone get ready? Because just like when people go public, they have to be ready, hire all these process stuff. What do you guys see that, I mean, Informatica has some solutions, I'm sure, but what's the client relationship like for you guys as you talk to customers? I think it kind of varies. Some industries seem to be a little bit more advanced in their thinking. So regulated industries, for example, they're kind of used to regulation and compliance. They kind of get a lot of these things. So I think some of those have found this process a little bit easier. I think some industries, this is generally quite new. Some of the ideas, some of the practices that come with GDPR, I think are also quite new for some of these industries. Internet companies fast and loose, you know? Absolutely. If you're fast and loose, you're going to be doing a lot of work. But ultimately, when you think about a lot of what GDPR brings to the data subject, people like me and my colleagues, then a lot of that then is about these rights and the ability for us to be able to actually take back more control of our data, because fundamentally it is our data. So if we have more control, then it's about how organizations help us with those rights and help us move along that journey of what we can now do with our data under what GDPR is. And just to be clear too, we've reported on this in depth with Wikibon and SiliconANG on theCUBE. GDPR, it's been clear it's going to be a process. They're going to look for compliance, they're not looking for everyone to be like, they want to see directionals progress. So it's not like the hammer's going to come down tomorrow, but people now, data subjects, now can bring claims against companies. So... Actually, John, I think you're right, but we have a client, the chief privacy officer, one of our clients, made the observation that had the Equifax breach occurred after Friday in Europe. It would have cost that company $160 billion. My guess is what's going to happen, is they're going to look for that direction unless a company has a serious problem. And then they're going to use GDPR to levy fines and generate some, and remunerate back to the people affected, some real relief. Would you agree with that? I actually see GDPR in a slightly different way. Maybe that's just because it feels quite personal to me, because I feel it's something that's going to be a part of my life. And actually, I think it's about organizations really respecting my data and therefore respecting me. So when we talk about fines, yes, I'm sure there's probably going to be some of those. A lot of the customers I talk to, actually, they're worried about reputational damage. What's going to happen to their brand? What's going to happen to their image? If something happens, and that for many organizations is far more serious and significant than any kind of fine potentially may be. And there's a mega trend going on you're seeing with blockchain and decentralized applications where people who create the value should capture it, hence the personal relationship to your data. And we all look at Facebook and say, hey, I signed up for a free app, so I can meet my high school friends and see them and do some things on Facebook. But I didn't sign a contract to give you my data to have the election be thrown in the US. So it's kind of like, wait a minute, what are you doing with my data? You're talking about blockchain and immutability of the data. If you have, does GDPR make it more difficult to use technologies like blockchain? I think organizations just have to look at GDPR and say, it's the principle space regulations. So it's not going to tell you the details of how you should do things, but it's trying to take you on a journey around kind of how you can then start to bring a lot more respect to the data subjects because of the data that you're managing and processing for them. So organizations are going to have to look at that and say, how do we take all of this and how do we start to move it into our environment? And then whether it be blockchain or any other kind of technology, how does it apply? And do we have to make some changes? Do we have to think tactically or strategically? I think organizations are going to have to look at this and say, what does this mean longer term? Because I don't think anyone really knows right now. Well, I want to get your thoughts on this, this head of solutions and governance. We've chat with the Deloitte guys came on earlier and they kind of laid out, I mean, I'm just paraphrasing the playbook. Data engineering, data governance, data enablement. So you're kind of looking at it here, kind of a playbook. Got to do the engineering work to figure out where the data is. Throw the catalog in the MDM of various solutions out there and tools for other things. And then the governance piece is super critical. Then the enablement is where, then you're in an ideal state for a GDPR or wherever where everything's foundationally built and engineered and governed. Ideally you can have things like consensus, you can have some security. Do you see it the same way? And how are you guys at Informatica, talking to customers? Is that chai with some of the things that you guys? Yeah, it does. It resonates quite well. So I think because it's a principle space regulation, then actually that has some potentially quite interesting and beneficial impacts for some of our customers. So a lot of our customers are going through some kind of transformation, mostly digital transformation. And you think about the principles that GDPR gives you, I look at that and I think, well actually some of these are just good data management practices and principles. It happens to be around personal data for GDPR right now but those principles are just valid for probably kind of any kind of data. So if you're on a digital transformation journey with all the change and with all the opportunity that brings that, actually these practices and principles from GDPR, they should be helping drive things like your digital transformation. And for a lot of our customers, change is the only constant they've got. So actually managing all of this whilst everything is changing around you, it's tough for a lot of them. Open source has been a big driver in our industry. We've seen some there. Open always beats closed and having all the open data is key. Have you seen any GDPR impact around being open? Is there like open source groups that are out there helping companies? You guys honestly can get called on. But what does the customer do? I mean like Peter and I say, hey maybe we're impacted by GDPR. Do we like, who do we call? Is there an open source community that can help with terms of service? If they want to go down the right roads of data hygiene or data setup cataloging, what do they do? I mean what's, I mean it's a shock and people go well we're not really kind of where we should be. What do they do? Yeah I've seen quite a bit of movement so I think probably one of the biggest single challenges that I've seen is for many organizers, many of our customers, they'll be saying to us, okay so what should we do in this circumstance? And actually that's really tough for us to answer. Because it's a principle space regulation then actually somebody used to look at that, that's probably the legal or the privacy teams, say well what does this mean for us? How do we take that and then come up with a set of requirements that says this is what we need to do for our organization in our markets and our territory for example. So there's probably no one size fits all answers. So there's legal aspects to this, there's privacy aspects, data management, risk, compliance, open source groups, they can give opinion but it's nothing more than that. And they might not have the talent internally to actually understand culturally what the principle is. So they got to call in the consultants or integrators, Deloitte. Exactly, exactly. But fundamentally it seems as though one of the things that GDPR is going to do is it's going to force companies, force enterprises to be very explicit and declare what attributes of that personal data they make money with. And effectively open that up, it'd be much more as you said, what do you call it, private subject or? The data subject. Data subject, they're going to have to be more explicit declaring the data subjects in simple terms how they're making money off of data or how they're avoiding that problem. Yeah, I think organizations, I think about some of the privacy notices I've received recently for example, I think what organizations do, I think they're trying to explain to people, this is the kind of data we have. These are the types of things that we have to do with it. Sometimes it's maybe regulatory, but actually other times it's about these other types of business activities. So they're starting to be a lot more transparent I think in what they're doing with the data. Is it transparent enough? I guess time will tell. And the reaction of data subjects I think will also be the indicator whether people think that's acceptable or not. I don't think we know yet in the early days. But actually that change I think over time what we'll start to see is organizations are going to be looking at the way that they manage data. I think transparency, I think will be a huge topic for a lot of industries. I think the notion of kind of having a respect for people and their data and how it leads to trust. There's so lots of industries have kind of lost the trust of people around the ability to manage their data. So how do they get that back? Well potentially GDPR might be a way of helping organizations do that. They got to get their act together and build up a quality data policy around it. Okay, final question for you. I know we're tight on time, but I want to get it out there. What do you guys have for solutions for customers? What are you guys offering specifically for products that helps them with the compliance and the gap analysis? I mean, what do you guys do for customers? What's the solution? It's in a couple of different areas. So I'm going to tackle a couple of quite specific things and something slightly a little bit broader. So organizations I think you were mentioning earlier just kind of knowing where their data is. Well actually we have some fantastic technology to go and discover and automate the discovery of that data. That's great for organizations because today a lot of them are doing it by hand. They're doing it manually. So discovery of data really important so we have technology in that space. The ability to go and mask and archive, get rid of data. If you don't have a legitimate reason for having data then why have you got it? So technology to help you get rid of that data. Other types of technology about being able to connect what you have in terms of your physical data assets to actually your interpretation of what GDPR means to you and your business, that's fantastic. The ability to connect those together, that's our governance environment. And then technologies around kind of building that view of the data subjects so we can then enact all these rights that people like me have now got but also then the consents that we may potentially have to give, how do you associate that with all the complexity of the data? So we have technology in our master data management space to do that. I think probably the one thing that I hear fairly consistently for customers is not necessarily about those isolated kind of views of the technology and how it solves specific problems. I think they're looking at it quite holistically and they're looking at solutions that can really automate a lot of this as much as possible. They're looking for solutions at scale. Some of these are very large, complex organizations. It's not small amounts of data. In some cases it's huge amounts of data. So they're trying to cope with the scale but they're also looking to solve some very specific problems. So I think there's kind of a combination of things which I think plays really well to be informatic as core strengths. And also creates awareness for companies to put data as a strategic centerpiece, not as a side thing, bring it right to the front and center. Andrew, thanks for sharing the insight in theCUBE. Appreciate your time. It's theCUBE live coverage here in Las Vegas at the Venetian. This is exclusive coverage of Informatica World 2018. I'm John Furrier with Peter Burris. Stay with us for more here on day one of two days of coverage. We'll be right back after this short break.