 Live from Las Vegas. It's theCUBE. Covering Informatica World 2018. Not to you by Informatica. Hey, welcome back everyone. This is theCUBE. Live here in Las Vegas at the Venetian Ballroom. This theCUBE's exclusive coverage of Informatica World 2018. I'm John Furrier, your host and analyst here with Peter Burris, host and analyst here for two days of coverage. Our next two guests are Jatesh Guy who's the Senior Vice President General Manager, Data Quality, Security and Governance for Informatica and Barry Green, the Chief Data Officer for Bank of Ireland. Great to see you, Jatesh. Great to have you on theCUBE. Great to be here. So, love having two smart people talking about data. GDPR is right around the corner on Friday. You're at the Bank of Ireland, so you're the middle of it. Juan, you're in the territory. You're in the heart of- Get any sleep. Yeah, I get lots of sleep. What, talk about your role at the bank. What are you guys doing? I want to get into the GDPR. It's right on our doorstep. It's going to have major implications for data as a strategic asset. Talk about what you do. So, for me, we've created a data management framework. Framework's pretty simple. Map process, get context for data, put it into the business data model or sign ownership, put data quality over it and then maintain it using a risk model, operational risk model. Now, it doesn't matter whether it's GDPR or BCBS, whatever it is, it's about adding value to data, understanding data, using it and making sure you've got a better customer experience. All the good things. GDPR's important, but it's not the only thing. You guys aren't new to managing data and certainly with compliance, your financials bank. So it's not a new thing. What is, how is GDPR being rolled out? How is it impacting you guys? What are you paying attention to and what's the impact? So, the big thing about GDPR is we're having to understand where our key customer data sits in the physical systems. We're looking at mapping key processes so we can understand what it's used for. We're assigning ownership to people who own data so we can basically make decisions about it in the future. GDPR's a bit like BCBS. It's going to evolve, right? You're not going to be GDPR compliant on May 25th. You're going to have to put in place the infrastructure, the tooling, the governance, the management to make sure that as an organization, you are using data the way it's supposed to be. If you want to be a digital organization, you have to manage data. This is just pushing along that evolution of data being important to an organization. But just as why 2K wasn't about making the world safe for mainframes in the year 2000, it forced a separation, an understanding of the separation that's required between applications and data. So GDPR is another one of those events that's forcing a separation, in this case, between data and the notion of data assets. Correct. So take us through how the thought process of GDPR has catalyzed new thinking within the bank about how we think about data differently as a consequence. I think what it's done, so we've developed the framework so we can apply it to any problem, right? I think what it's done is it's raised up the risk of data more generally. So people talk about data as an asset. I talk about data as a liability, right? So it's a contingent liability if you think about GDPR. It's raised that awareness up that we can't continue to operate and treat data the way we have in the past. So there's a whole cultural change going on around how we treat data. And there's a big understanding, training going on about everyone knowing why they use data, making sure that they don't use it for the purpose it's not used for. And generally it's a big education, cultural change. Barry, how would you describe the mindset for this new thinking? Certainly I agree with you. It's at the strategic nature, center of the value proposition right now, in all aspects, not just some department. What's the mindset that people should be thinking about when they think of data? Okay, should I have access to this data? So do I need it for the role I'm undertaking? And if it was my data, would I be treating it? How would I treat it? How would I want it to be treated? Even if you were the subject. Yeah, exactly. It's almost like if I had my data being used for a certain thing, context, is that the way I'd want my data treated? It's almost the old adage, do unto others as you would have done to you, right? Yeah, ethics is important. Chichesh, talk about the informatic opportunity because you guys, really, timing's pretty awesome for informatica with the catalog. You guys have an interesting opportunity right now to come in and do a lot of good things for clients. That's exactly right. We've been working very hard with our clients over the last 18 months to help them on this GDPR journey. What we think of as supporting their privacy and protection initiatives. And you mentioned catalog. We have our enterprise data catalog powered by Clare, our AI machine learning capabilities and metadata. And that helps you get an organized view of all your data assets within the enterprise. Leveraging that same technology, we have a secure source offering which is effectively a data subject catalog to help our customers understand where exactly is the data subject sensitive data? Not where the organization's data is, but the data subject sensitive data within the organization. Where their national identifier information is, where their personal home address, email phone, et cetera is, and how many occurrences and what systems. Why? So that our customers can take that information and more effectively respond to the data subject. If the data subject wants to invoke the right to be forgotten or right for data portability, et cetera, as well as take that same information and demonstrate to the regulator that they are processing this sensitive data with the appropriate consent from the data subject. As well as have the systems, I presume, to then be able to expose to the subject the reasons why the data may in fact still be part of the asset of the bank. Correct. So I hadn't heard that before. We've had other companies tell us that they're going to help companies find subject data, but you guys are taking a step further and allowing the bank, in this case, to be able to look at that data from the subject's perspective. Exactly right. Because it's not just with some regulations, financial regulations, you need to demonstrate the quality and trustworthiness of the data. Here, to the regulator, here it's demonstrating to the data subject themselves, the individual themselves, how you're processing, how you're treating their data, how protected or unprotected it is, and how you're using it to market to them. How you're using to sell to them. Does that become part of the metadata? That's exactly right. It's using the same metadata foundation to, but focused on the data subject specifically. Interesting, interesting. How about the protection aspect of it? If I say I want my right to be forgotten and you can hold data where's the protection aspect for the business and the user? Is there conflict there? How do you guys handle that? Yeah, so it's interesting. There is a conflict, so there's a conflict already with existing regulation. So the thing that a lot of people aren't talking about is that you can hold data. So if someone can't just delete data if you want to hold an account or there's a reason for using it, you've got a legitimate use for using it, you can still hold it. You have to tell the customer why you're using it. So there's a lot of context here which they didn't have before. So it's giving the customer the power to understand what their data is being used for, the context it's being used for, and so they know it's not going to be used for the spiritless marketing campaigns. It's being used for a reason that's- Is that extra work for you guys? Or is that automated? This is where we start to get into the question. Next question. Well the context, the context is the metadata and the ability to be able to capture that context explicitly as these data elements have this context in metadata allows you to do that with some degree of certainty and relatively low cost, I assume. Yeah, it's all about reuse, right? So a lot of what we've done in the past, and that's where the bang comes about, everyone's done in the past, is they've understood something and then thrown it away. So with Axon you can record it, record it. And then with the metadata, you can join the metadata in Axon so you can join a high level process, understand what data is used, the context it's used for, who owns it, quality, all these kind of business relevant things. Then you put the metadata in it and you've got a system view, it's very, very powerful. So the technology's starting to allow us to automate. But it's all about gathering it, reusing it and making sure you understand it, right? It's really important. From a data subject catalog standpoint, you get the technical metadata, it tells you across your data landscape where all the sensitive information is for Barry Greene. You marry that up with the business metadata of how is that sensitive information being used in every step of, let's say, customer onboarding your mission critical business processes within the organization. And that's what you demonstrate to a data subject or a regulator of this is how I'm processing it based on this consent. Now, if they invoke their right to be forgotten, there's various things you can do there because there's conflicts. You can just mask the data using our masking capabilities and then it's truly forgotten. Or you can archive the data and remove it from a particular business process that is marketing or selling to them if that's an issue. So you get choice, it's some flexibility. Correct, correct. Or maybe slightly differently, I'm sure you forgot this right, you can get work out of that data in an appropriate way. So the customer can be forgotten so that there's this kind of work now that you cannot apply that data to, marketing whatever else it might be, but when it comes to understanding better products or building better products, whatever else through masking, you can apply the data still to that work because it's a legitimate use under the law. Exactly. But also think about the fact that you've masked key critical data, right? So the thing about data privacy in general was if you can't understand a data subject, so if you can hide certain pieces of data and you can't identify them, you didn't aggregate it, it's not personal data anymore. So there's some real nuances, a lot of people aren't talking about these things, but they're there. I'm sure these nuances will be surfaced. Yeah, yeah. Because certainly it's a beginning of a generational shift. There going to be some pain points coming online. I mean, we're hearing some people complaining here and there, you guys are used to this. Some industries are used to dealing with compliance, like no big deal. Some people are fast and loose with their data, like wait a minute, you're in that company. This is an opportunity, right? Yeah. So like I said, you can't be a digital bank or we can't have a digital proposition if you don't understand your data and you don't understand it and manage it. So this is an opportunity to do this across the enterprise. It exposes companies that have not planned for and architected data, whether that's investment in data engineering or have staff, this is a huge issue. And tools that can support that process. I mean, people are looking in their organization going, oh man, we really don't have it or they're ready. The exciting part is organizations have focused on quality and trustworthiness of their data. We're now taking that same data and focusing on the privacy and protection and the ethical treatment of it and leveraging the appropriate technologies which happen to be very similar fundamentally for quality and trust and privacy and protection. And in the absence of a global standard for GDPR, we're seeing organizations adopt GDPR as a de facto standard. In fact, Facebook just announced that they're treating all users data, you know. Well, that was one of our research predictions. Yeah, exactly. Pretty obvious. I mean, we'll see how it doesn't have any teeth or anything, but, you know, Facebook's got their own channel. But it's an opportunity for a clean sheet of paper. We'll know Friday, May 25th. I'm sure there's going to be a ton of class action while students are getting Facebook. Jatesh, Barry, thanks for coming on. Great to see you again. Pleasure, thanks for having us. Thanks for everything in Ireland. We're here in the open and Informatical World right in the Solutions Exposed theCUBE, bringing you all the data right here in the cataloging at thecube.net. Check it out. I'm John Furrier with Peter Burris. Stay with us for more day two coverage at Informatical World after this short break.