Alon Rosenthal, Founder and CEO

GDPR. It’s coming soon and includes a mountain of personal data protection requirements. Articles such as “right to be forgotten”, consent, security by design, restriction of processing would make the toughest IT architect sweat. Why? Because they require massive code-changes to business applications, processes and databases.
GDPR Main Compliance Requirements

| Article # | Article Name | Article # | Article Name |
|---|---|---|---|
| 5 | Processing of Personal Data | 18 | Restriction of Processing |
| 6 | Lawfulness of Processing | 20 | Right to Data Portability |
| 7 | Conditions for Consent | 21 | Right to Object |
| 8 | Conditions of Child's Consent | 25 | Protection by Design & Default |
| 9 | Processing Special Categories | 30 | Records of Processing Activities |
| 10 | Processing of Criminal Records | 32 | Security of Processing |
| 15 | Right of Access | 33 | Notification of Data Breach |
| 17 | Right to be Forgotten | 34 | Communication of Data Breach |
Existing Approaches

[Diagram: End-Users; Applications (Billing, Finance, Reporting Tools, CRM, ERP, e-Commerce, Front-office, HR-App); Databases]

My journey started 15 years ago, when I founded my first company, inventing dynamic masking to protect DBA access by building a database proxy, and getting bored DBAs fired. It was useless for controlling business applications, as the user and request context was never propagated from the end-user to the database (you can blame connection pools, microservices, caching). After 10 years my first company was acquired by a big American company that has built its entire offering based on our company. But my journey did not end.
We Solve GDPR on All Applications, DW and Big Data

It is Fast to Deploy, No DB Agents, No Code-Changes

[Diagram: End-Users; Applications (e-Commerce, Reporting Tools, CRM, ERP, Billing, Finance, Front-office, HR-App); SecuPi Central Management Server; Databases]

- Discovery, data-flow mapping
- Dynamic Consent Controls
- User Behavior Analytics (UBA)
- Logical Deletion
- Monitoring & Auditing
- Physical Deletion / Anonymization

- CONFIDENTIAL -

I started to plan my second platform, but now instead of controlling mere DBA access, I wanted much more: providing fine-grained visibility and control across entire personal data-flows and processes. These are the same data-flows and processes that the 100 pages of GDPR are all about! I was looking for a new viewpoint that would allow me to solve the puzzle and build the platform. The answer was clear. In a digital world, where everything is an application, from CRM and billing to applications on cloud data warehouses and big data, the application is the Archimedes point. I regrouped my team and set course to build an application overlay, and this is what we have created.
SecuPi Solves it by Simply Putting a Jar on Your Apps

[Diagram: Application UI & Other Interfaces send User Request / Data Request to the Application Server (Java/.Net) and receive User Response / Data Response. SecuPi Overlay installed on Application Servers: data-flow discovery, monitoring, masking/encryption/tokenization, data deletion, consent controls, classification and labeling. Data Sources, Documents and Logs: discovery and classification, monitoring, masking, encryption/tokenization. SecuPi Central Management Servers.]
SecuPi Solves All Technical GDPR Articles

Main Compliance Requirements

| Article # | Article Name | Article # | Article Name |
|---|---|---|---|
| 5 | Processing of Personal Data | 18 | Restriction of Processing |
| 6 | Lawfulness of Processing | 20 | Right to Data Portability |
| 7 | Conditions for Consent | 21 | Right to Object |
| 8 | Conditions of Child's Consent | 25 | Protection by Design & Default |
| 9 | Processing Special Categories | 30 | Records of Processing Activities |
| 10 | Processing of Criminal Records | 32 | Security of Processing |
| 15 | Right of Access | 33 | Notification of Data Breach |
| 17 | Right to be Forgotten | 34 | Communication of Data Breach |

Solution Capabilities (SecuPi Features)

- Discovery, data-flow mapping
- User Behavior Analytics (UBA)
- Monitoring & Auditing
- Dynamic Consent Controls
- Logical Deletion
- Physical Deletion / Anonymization

SecuPi's broad platform capabilities, including data discovery and classification, data-flow identification, real-time monitoring, auditing and behavior analytics, and applying subject rights (logical deletion, dynamic masking, etc.), provide the most comprehensive GDPR coverage, addressing the different articles.
GDPR “Right to be forgotten”, Restriction of Processing in a Siebel CRM Application

By installing SecuPi on-prem or on-cloud, we put an overlay on the application servers. Within a FEW HOURS, certain personal data is already anonymized, redacted, masked or blocked, allowing access on a need-to-know basis, applying consent controls and logical deletion,
Get Your Top-Risk Applications GDPR Ready in a Few Weeks

It is Fast to Deploy, No DB Agents, No Code-Changes

[Chart: Enterprise Compliance over Time; labels: SQL-Plus, Toad, e-Commerce, Campaign Mng., Marketing, CRM; Wave-1, Wave-2, Wave-3; Compliance Ready!]

And the best for last: our ability to put our overlay on the applications enables you to get dozens of your top-risk applications GDPR ready in less than a few weeks!
SecuPi Protects your Applications Going to Cloud

[Diagram: Applications (CRM, ERP, e-Commerce, Reporting Tools, Billing, Finance, Front-office, HR-App); SecuPi Central Management Server]
When to call SecuPi:

- GDPR or “Right to be forgotten”
- Database Activity Monitoring (DAM)
- Data Masking
- Encryption

Reach out to: alon@secupi.com