3 Steps to Data Protection Compliance (GDPR)
The European Union’s General Data Protection Regulation (GDPR) will come into effect on May 25th, 2018, and all businesses that serve European Union customers will be required to comply. Companies that fall short of compliance with GDPR will be subject to extremely large fines, lawsuits and the headache of additional audits. If a company actually suffers a data loss as a result of noncompliance, what are the additional costs of rebuilding consumer trust in the company brand?
To comply with the GDPR, companies will have to demonstrate that personal data is:
- Processed lawfully and fairly, and in a transparent way
- Collected for specific, explicit, and legitimate purposes
- Limited to only what is necessary for processing
- Kept accurate and up-to-date
- Stored so that the subject is identified only when necessary
- Processed in a secure manner so it does not fall into the wrong hands or become lost, damaged, or destroyed
- Protected “by design”: All new systems will need to be developed with privacy in mind
Many companies will find it challenging to comply with these principles, since personal data is often stored and replicated across a myriad of heterogeneous data sources, both on premises and in the cloud.
To prepare for GDPR, companies will need a 360 degree view into all of their data, and a way to establish security controls over the entire infrastructure from a single point. Data virtualization provides this capability, enabling companies to quickly and easily comply with data protection regulations without investing in new hardware or re-building existing systems from the ground up.
3 Ways Data Virtualization Helps
- Don’t replicate, virtualize! The reason companies find themselves with a complex headache when it comes to complying with the GDPR regulations in the first place, is that personal data is fragmented across the business and so users resort to extracting and consolidating the data on an individual project basis. If each project replicates the same data, this leads to governance and security nightmares. Data virtualization can present distributed data from across the business through a single virtual re-usable access layer, removing the need for users to physically consolidate and replicate data outside of the source systems, and removing the associated governance issues.
- Secure your data everywhere! An advantage of accessing consolidated personal information virtually through a Data virtualization layer, is that you can apply consistent levels of security across the heterogeneous data sources in which the data resides. The Data virtualization layer includes a security model that democratizes security whether the data is mastered in Hadoop, RDBMS systems or even in a spreadsheet.
- Don’t update tomorrow what you can update today! The onus of GDPR on ensuring that data is accurate, means that if personal data is updated to reflect a customer’s details, this needs to be propagated throughout the business now, not mañana! Data virtualization removes the need for replication and latency of updates of customer information. Users get the accurate information as applied in the system of record without having the worry of accessing un-synchronized local copies of the data that are out of date.
If you want to know more about how Denodo is solving the data protection challenges posed by regulations such as GDPR, watch our on demand webinar: “GDPR Compliance Made Easy with Data Virtualization”