The General Data Protection Regulation (GDPR) is new legislation enacted in the European Union (EU) as of April 14, 2016, and will be enforced on May 25, 2018.[1] It impacts any firm that employs at least 250 people and deals with EU resident data within any of the EU member states. GDPR offers EU residents additional control over their personal data, with rights to modify, restrict, or withdraw consent and to allow data portability. The MapR Converged Data Platform (MCDP) provides firms with privacy, security, auditing, and portability of resident data. The MCDP can maintain all personal, financial, location, and search history data accurately in a fully read-write capable data store without requiring changes to the underlying IT infrastructure or cloud technologies.
The following four points summarize the key tenets of this new legislation:
Easier access to your own data. Individuals in the EU will have more information on how their data is processed in a clear and understandable way.
A right to data portability. It will be easier to transfer your personal data between service providers.
A “right to be forgotten.” When the individual no longer wants her data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted.
A right to know when your data has been hacked. Firms must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.
With the May 25, 2018, deadline looming, firms should see it as an opportunity to begin managing resident data in accordance with the legislation. GDPR is a forcing function for firms to adopt a big data platform that helps consolidate data, maintain better control of it, and implement a forward-looking data and analytics solution.
With GDPR, firms are required to prepare themselves in the following ways:
MapR, a visionary Silicon Valley-based enterprise software company, has pioneered one platform for all data across every cloud. The MCDP helps firms to build data inventory and business process mapping, offering them traceability of data, controlled role-based access, and portability of PII data, all with strict adherence to GDPR.
The MCDP is built with privacy and security in mind. A unified trust model and enterprise-grade resiliency are coded into our core to ensure a firm’s data foundation meets compliance and operational data requirements out of the box. The MCDP offers the industry’s first modern data system that addresses the 7 principles stated in GDPR, Chapter 2, Article 5.
| Principle | GDPR requirement | MCDP capability |
|---|---|---|
| Lawfulness, Fairness, and Transparency | Keep track of personal data in a transparent manner. | Track lineage of personal data and create a system of records. |
| Purpose Limitation | Collect personal data for specified purposes and restrict additional processing. | Support for comprehensive PII data auditing and governance. |
| Data Minimization | Personal data shall be adequate, relevant, and limited to the intended purpose. | File- and volume-level restrictions with Access Control Expressions (ACE). |
| Accuracy | Personal data should be accurate and up-to-date. | Built-in read-write file system for updating subsets of data. |
| Storage Limitation | Personal data should be identifiable for the duration and purpose intended. | A global data store with support for erasing subsets of PII data. |
| Integrity and Confidentiality | Personal data should be appropriately secured from unlawful or unauthorized processing. | Support for enterprise-grade High-Availability/Disaster Recovery, on-the-wire encryption, ACE. |
| Accountability | The controller is responsible for GDPR compliance. | Support for comprehensive PII data auditing with no system performance degradation. Real-time alerts for breach notifications. |
Firms must take the necessary steps in planning GDPR compliance or face fines of up to 4% of annual revenue.[1] Thankfully, MapR offers a forward-looking data platform that is resilient to such regulatory changes. With MCDP (one platform, all data, across every cloud), any firm dealing with EU resident data can accelerate GDPR compliance.