The Countdown to GDPR Compliance Begins - Are You Ready?

The General Data Protection Regulation (GDPR) is new legislation enacted in the European Union (EU) as of April 14, 2016, that will be enforced on May 25, 2018. It impacts any company with 250+ employees that controls or processes EU citizen data (i.e., data that pertains to residents in any of the 28 member states of the EU). GDPR offers EU residents additional control over their personal data with rights to modify, restrict, or withdraw consent to access or utility, and it enables data portability.

Many companies in the United States have been ignoring this legislation, assuming that it doesn't affect them. A Forbes article summarizes why US-based companies need to get serious about GDPR. Moreover, a Forrester report, published in January of this year, suggests that merely 25 percent of organizations across Europe are thought to be GDPR-compliant by now, while another 22 percent expect to be GDPR-compliant in the next 12 months. But, despite GDPR becoming law in less than four months, Forrester found that 11 percent of organizations are still considering what to do about it, while 8 percent of organizations aren't familiar with GDPR at all. Forrester's research also found that it is typically media and retail organizations (companies which handle some of the largest amounts of customers' personal data) that are currently the least prepared for GDPR, with only 27 percent reported to be fully GDPR-compliant.

With those market numbers out of the way, the next thing would be to qualify whether your organization needs to be ready for GDPR or not. It is fair to say that there are some misunderstandings in this area, and many organizations tend to conclude that GDPR doesn't really apply to them. To that, I suggest you think about all the data that your company collects from mobile devices, sensors, marketing campaigns, chat-logs, in-store shoppers, home automation solutions, transportation, logistics, and social media channels that can be qualified as personal data that pertains to EU residents. Any of these datasets, and any others that can be used to identify a person in the EU, would come under GDPR scrutiny. Moreover, regardless of whether your company is a data controller or a data processor, based inside or outside of the EU, GDPR applies to you.

So, if you are part of a business, data engineering, IT, or legal team within your organization that collects or processes personal data from any EU citizen, you need to pay close attention to this regulation; you can't afford to ignore it. Companies that fail to comply with GDPR face hefty fines, which can range up to 4% of a company's revenue. Determine your GDPR readiness with a free assessment tool.

So what does GDPR mean for you?

If you are a data protection officer or data governance professional, you need to have a clear plan around data governance, accountability, location, and portability. The following points summarize the key tenets of this new legislation:

  • Easier access to personal data. Citizens in the EU will be given greater visibility into how their data is being processed in a clear and understandable way.
  • A right to data portability. It will be easier for people to transfer personal data between service providers.
  • A right to be forgotten. When an individual no longer wants his/her data to be processed, and provided there are no legitimate grounds for retaining it, the data will be deleted.
  • A high standard for consent. It needs to be freely given, specific, informed, unambiguous, provable, and easy to withdraw.
  • A right to know when your data has been hacked. Companies must notify the national supervisory authority of serious data breaches as soon as possible (within 72 hours in many cases), so that users can take appropriate measures.

Making your personal data compliant 5 times faster with a GDPR data lake

At MapR, we believe the key underpinning for being GDPR-ready is starting with a data lake that can address data storage, retention, portability, lineage, and governance, using a single, unified platform, instead of a mix of point solutions.

This is precisely why MapR has chosen to partner with Talend on creating an offering that helps companies accelerate the deployment of a GDPR-ready/compliant data lake. Our joint solution is based on the MapR Data Platform and Talend Data Fabric, which together help customers address the following challenges:

MapR Data Platform and Talend Data Fabric

The MapR Data Platform provides several features to comply with GDPR, including MapR Volumes, which logically group PII data (EU vs. non-EU) and immediately apply policies and permissions to this data; high-performance MapR auditing to log data access; and MapR mirroring and replication to easily control the movement of 'portable' data.

The table describes how our joint solution addresses the seven key principles stated in the GDPR guidelines for compliance—specifically, Chapter 2, Article 5.

Joint solution addresses the seven key principles

Talend's data integration platform, Talend Data Fabric, combines data quality, metadata management, data stewardship, data lineage, data services, and big data integration to collect, standardize, reconcile, certify, protect, and propagate personal data. Their unified suite of components, namely the Talend Big Data Platform, Master Data Management, and Metadata Manager, along with their readiness assessment questionnaire are instrumental in this process.

Watch this online webinar to learn more about MapR and Talend's GDPR Data Fabric.

To summarize, complying with GDPR requires going beyond establishing a rules-based control mechanism, business intelligence reporting, and basic data management tools. You need to get started with a modern data lake solution that allows robust data governance, data lineage, data anonymization, and more: a solution that allows for the convergence of all data, in one platform, across every on-premises, cloud, multi-cloud, or hybrid cloud environment.

The good news: It's easy to get started. Check out our joint MapR/Talend GDPR Data Lake solution and our joint solution brief to see how it can help you attain better data security and GDPR compliance.

This blog post was published March 05, 2018.
