Arcadia Data Drives GDPR Compliance With Modern Data Lake BI Architecture
May 2018 by Marc Jacob
Arcadia Data announced that its flagship product, Arcadia Enterprise, which is defining the next era of analytics and BI for data lakes, offers capabilities that help address compliance for the General Data Protection Regulation (GDPR) through its robust governance features. GDPR was designed to improve data security and privacy for citizens of the European Union and modernize how organizations approach data privacy. Organizations must be compliant with the new regulation beginning May 25, 2018 and as the steward of this data, the data protection officer (DPO) needs to be proactive in understanding the overlapping relationships used to control and process that data.
GDPR is relevant not only to EU-based companies, but also to any company with customers in EU countries. To avoid the heavy fines levied toward non-compliance, global businesses must be more diligent in protecting customer data. Appropriate steps to ensure compliance include:
• Appointing a data protection officer, responsible for overseeing the proper handling of personal data.
• Using data only for what is absolutely necessary.
• Reducing copies of data and reduce data movement.
• Implementing strong access controls.
• Enabling data auditing.
• Achieving a holistic view of data in a single dashboard.
To achieve compliance, processes need to be sustainable and strong, but DPOs also need to report what actions were taken to respond to an event and defend why those actions were taken. DPOs need to be able to demonstrate that they have identified every EU person within their systems, that each EU person fully understands how his/her data is being used, and that there is no ambiguity in his/her consent to that use. The DPO must show that the organization tracks how many times data subjects requested access to their data, and that the data was provided in a convenient and timely way. If a person requests to be forgotten, the organization must prove that every data point about the person has been deleted, and if not, why (e.g., financial data retention regulations). Data breaches must get reported within 72 hours, so the DPO needs to defend when zero hour started.
Arcadia Data has taken a number of steps to assist customers with GDPR compliance when using Arcadia Data products. Arcadia Data is part of a cybersecurity solution based on Apache Spot, which helps security professionals identify and prevent unauthorized access to personal data. Arcadia Enterprise comes equipped with a number of features that support the requirements of GDPR.
These features are wrapped in a modern environment that improves access to analytics and BI for business analysts. The features include:
• Governed workspaces with granular permissions to provide controls on access to sensitive data.
• Column-level security with Apache Sentry and Apache Ranger integrations.
• Auditing support with Sentry and Ranger.
• Security-enabled caching, in which any cached data is rechecked with access controls to ensure that any changes in permissions are not circumvented via the cached data.
• Data blending capabilities help to verify the accuracy of data across sources and verify to regulators that personal data has been deleted upon request.