GDPR Todd Goldman April 12, 2017

Danger, Will Robinson! GDPR is Coming!

Or so the robot from Lost in Space might say. Though, as organizations begin working toward GDPR readiness, many may find themselves instead quoting Dr. Smith: “Oh the pain, the pain!”


Of course, when I say GDPR, I mean the new requirements set forth by the European Union’s General Data Protection Regulation, which will go into effect May 25, 2018. Often cited as the most important change in data privacy regulation in two decades GDPR’s goal is to strengthen data protection for individuals within the European Union. Organizations that fail to comply could be fined up to a maximum of 20,000,000 EUR or 4 percent annual global revenue of the preceding financial year, whichever is higher. And while GDPR only covers European citizens, any organization that handles the personal data of EU-based individuals will be required to comply, regardless of where the company is located.


Here in the US, lawmakers repealed the FCC rules that would have required internet service providers to get user permission before collecting personal data, but this won’t be the last word. More consumers are demanding more control over their data not just because of some abstract fear over who’s doing what with their data, but as justifiable reaction to the drumbeat of devastating data breaches that continue to hound corporate America. More regulations are coming. Get used to it—a strong data governance program is no longer a nice-to-have. It’s an absolute must.


Typical data governance tools can tell you what kinds of data should be considered sensitive. The problem is, they assume you already know where the data resides. There are other tools that can be deployed at the data security and storage level, and they’re very good at helping you lock down sensitive data. But these tools suffer from the same problem. The don’t tell you:


– Where GDPR-regulated data is located

– Where the data came from or where it’s going

– How to identify, report and control new GDPR-regulated data is it comes in


If you’ve been reading our blog, you’ll know this isn’t the area on our site where we tend to get salesy. The purpose of our blog is to educate. But when it comes to GDPR, I feel it’s important to discuss our Smart Data Catalog 4.0, because complying with GDPR is a highly complex thing. Our product can save you a ton of time, money and headaches.


We do this primarily through automation. Enterprises must operationalize compliance through automation or else depend on manual processes that simply won’t be enough to help organizations keep up. The volume of data is simply too high.


We commissioned a GDPR white paper to explore the issues around GDPR and how a data catalog can be part of a solution to addressing GDPR requirements. The first half of the paper is purely educational. The second half of the paper is the Waterline response to the issues brought up in the first half and discusses how organizations can use Waterline Data to can discover, search, and surface critical data to an organization, connecting the business and governance processes built around GDPR to the actual data that needs to be governed. But in short, our Smart Data Catalog automatically “fingerprints” data at scale by analyzing source data. It then matches the unmatched terms and creates new missing terms through crowdsourcing. This is the process that automatically builds an inventory of all your sensitive data. Waterline also captures data lineage and supports data masking within its own interface for sensitive data that has been automatically discovered. More important, because Waterline automatically tags data as sensitive, sensitive or private data will have their tags passed on to access control tools such as Apache Ranger or Cloudera Sentry (or others via a REST API), which can then be used to make sure only people who have access rights can see the sensitive data.


Check out our new white paper here and let us show you how to become “Un-lost in Space!”