The General Data Protection Regulation (GDPR) is new legislation enacted in the European Union (EU) as of April 14, 2016, that will be enforced on May 25, 2018. It impacts any company with 250+ employees that controls or processes EU citizen data (i.e., data that pertains to residents in any of the 28 member states of the EU). GDPR offers EU residents additional control over their personal data with rights to modify, restrict, or withdraw consent to access or use, and it enables data portability.
Many companies in the United States have been ignoring this legislation, assuming that it doesn't affect them. A Forbes article summarizes why US-based companies need to get serious about GDPR. Moreover, a Forrester report, published in January of this year, suggests that merely 25 percent of organizations across Europe are thought to be GDPR-compliant by now, while another 22 percent expect to be GDPR-compliant in the next 12 months. But, despite GDPR becoming law in less than four months, Forrester found that 11 percent of organizations are still considering what to do about it, while 8 percent of organizations aren't familiar with GDPR at all. Forrester's research also found that it is typically media and retail organizations–companies which handle some of the largest amounts of customers' personal data–that are currently the least prepared for GDPR, with only 27 percent reported to be fully GDPR-compliant.
With those market numbers out of the way, the next thing would be to qualify whether your organization needs to be ready for GDPR or not. It is fair to say that there are some misunderstandings in this area, and many organizations tend to conclude that GDPR doesn't really apply to them. To that, I suggest you think about all the data that your company collects from mobile devices, sensors, marketing campaigns, chat-logs, in-store shoppers, home automation solutions, transportation, logistics, and social media channels that can be qualified as personal data that pertains to EU residents. Any of these datasets, and any others that can be used to identify a person in the EU, would come under GDPR scrutiny. Moreover, regardless of whether your company is a data controller or a data processor, based inside or outside of the EU, GDPR applies to you.
So, if you are part of a business, data engineering, IT, or legal team within your organization that collects or processes personal data from any EU citizen, you need to pay close attention to this regulation; you can't afford to ignore it. Companies that fail to comply with GDPR face hefty fines, which can range up to 4% of a company's revenue. Determine your GDPR readiness with a free assessment tool.
If you are a data protection officer or data governance professional, you need to have a clear plan around data governance, accountability, location, and portability. The following points summarize the key tenets of this new legislation:
At MapR, we believe the key underpinning for being GDPR-ready is starting with a data lake that can address data storage, retention, portability, lineage, and governance, using a single, unified platform, instead of a mix of point solutions.
This is precisely why MapR has chosen to partner with Talend on creating an offering that helps companies accelerate the deployment of a GDPR-ready/compliant data lake. Our joint solution is based on the MapR Data Platform and Talend Data Fabric, which together help customers address the following challenges:
The MapR Data Platform provides several features to comply with GDPR, including MapR Volumes, which logically group PII data (EU vs. non-EU) and immediately apply policies and permissions to this data; high-performance MapR auditing to log data access; and MapR mirroring and replication to easily control the movement of 'portable' data.
The table describes how our joint solution addresses the seven key principles stated in the GDPR guidelines for compliance—specifically, Chapter 2, Article 5.
Talend's data integration platform, Talend Data Fabric, combines data quality, metadata management, data stewardship, data lineage, data services, and big data integration to collect, standardize, reconcile, certify, protect, and propagate personal data. Their unified suite of components, namely the Talend Big Data Platform, Master Data Management, and Metadata Manager, along with their readiness assessment questionnaire are instrumental in this process.
Watch this online webinar to learn more about MapR and Talend's GDPR Data Fabric.
To summarize, complying with GDPR requires going beyond establishing a rules-based control mechanism, business intelligence reporting, and basic data management tools. You need to get started with a modern data lake solution that allows robust data governance, data lineage, data anonymization, and more–a solution that allows for the convergence of all data, in one platform, across every on-premises, cloud, multi-cloud, or hybrid cloud environment.
The good news: It's easy to get started. Check out our joint MapR/Talend GDPR Data Lake solution and our joint solution brief to see how it can help you attain better data security and GDPR compliance.