How Cloudera Can Aid GDPR Compliance

HOW CLOUDERA CAN AID GDPR COMPLIANCE
Wim Stoop | Senior Technical Marketing Manager
Colm Moynihan | Partner SE Manager EMEA

2 © Cloudera, Inc. All rights reserved.
DISCLAIMER
GDPR is a complex and detailed regulation.
There’s no single method or solution that will make all organizations compliant.
This presentation is intended to help organizations understand how Big Data platforms such as Cloudera software and
services can be used to help comply with certain aspects of EU General Data Protection Regulation (GDPR) requirements.
Applicability of any of these capabilities depends on each organization’s own requirements specific to their
business. Every organization should determine its own needs with regard to GDPR and then evaluate solutions for
suitability to those needs. The information contained in this presentation is not intended to be and should not be
construed to be legal advice. Organizations must not rely on the information herein and they should obtain legal advice
from their own legal counsel or other professional legal services provider.

GENERAL DATA PROTECTION REGULATION (GDPR)
Enforced from
May 25, 2018
Rights of the
consumer
Substantial
penalties
Obligations
of the
organization
Applicable
worldwide
Personal Data
• Right to be forgotten/erasure
• Right to access information
• Right to data portability
• Right for processing to be restricted
• Across people, process and
technology
• Impacts how personal data is
collected and used
• Heavy fines for violations
• Up to 20M Euros or 4% of the
annual global turnover for the
preceding financial year
• Any organization with any users in the EU
needs to be compliant.
• Includes companies based outside the EU,
processing personal data from EU residents
in connection with the offering any goods or
services or monitoring user behavior.
• Includes data processor and data controller
GDPR

ALL TYPES OF PERSONAL DATA INCLUDED
SOURCE: COGNIZANT

SEVEN KEY
PRINCIPLES
OF GDPR
1
2
3
4
5
6
7
INTEGRITY AND CONFIDENTIALITY
How do I apply IT controls to prevent unauthorized access?
ACCOUNTABILITY
How can I demonstrate compliance? How do I report breaches in 72 hours?
LAWFULNESS, FAIRNESS, TRANSPARENCY
How do I track personal data?
PURPOSE LIMITATION
How do I track consent while using data science tool choice?
DATA MINIMIZATION
How can I anonymize personal data?
ACCURACY
What is a low-overhead way to fix data?
STORAGE LIMITATION
How do I erase individual data records upon request when the file systems are immutable?

STAKEHOLDER
AWARENESS
READINESS
ASSESSMENT
DATA
INVENTORIES
& MAPPING
GOVERNANCE
LEGAL &
COMPLIANCE
TECHNOLOGY DATA
FOUNDATIONAL ACTIVITIES TYPICAL REMEDIATION CONSIDERATIONS
GDPR
FORMALISED
25 MAY
2016
GDPR
ENFORCED
25 MAY
2018
Big data solutions can help here
THE PATH TO GDPR COMPLIANCE
Where are you along this path?
SOURCE: COGNIZANT
Big data solutions can help here

POLL: Where are you on the path to compliance?
1. Stakeholder awareness
2. Readiness assessment
3. Data inventories and mapping
4. Governance
5. Legal and compliance
6. Technology
7. Data
8. Don’t know

© Cloudera, Inc. All rights reserved.
HOW CLOUDERA CAN HELP ACCELERATE
GDPR COMPLIANCE

SINGLE PLACE TO SECURE AND GOVERN FOR GDPR COMPLIANCE
WORKLOADS 3RD PARTY
SERVICES
DATA
ENGINEERING
DATA
SCIENCE
ANALYTIC
DATABASE
OPERATIONAL
DATABASE
DATA CATALOG
GOVERNANCESECURITY LIFECYCLE
MANAGEMENT
STORAGE
Microsoft
ADLS
COMMON
SERVICES
HDFS
Amazon
S3
CONTROL
PLANE
KUDU
For data that is stored on a single platform, there is a single place to secure and govern
for GDPR compliance, across all analytic workloads
Batch or
Real- time
Data
Streams
Data
Streams

• Data Catalog: a comprehensive catalog of all data sets, spanning on-premises,
cloud object stores, structured, unstructured, and semi-structured. Includes
technical schemas from the Hive metastore, as well as business glossary
definitions, classifications, and usage guidance
• Security: role-based access control applied consistently across the platform
using Apache Sentry. Also includes full stack encryption and key management
• Governance: enterprise-grade auditing, lineage, and other governance capabilities
applied universally across the platform with rich extensibility for partner
integrations
• Lifecycle Management: comprehensive ingest-to-purge management of data set
lifecycle activities
• Control Plane: multi-environment cluster provisioning, deployment, management,
and troubleshooting
SHARED DATA CONTEXT SERVICES
Built for multi-function analytics anywhere
WORKLOADS 3RD PARTY
SERVICES
DATA
ENGINEERING
DATA
SCIENCE
ANALYTIC
DATABASE
OPERATIONAL
DATABASE
DATA CATALOG
GOVERNANCESECURITY LIFECYCLE
MANAGEMENT
STORAGE
Microsoft
ADLS
COMMON SERVICES
HDFS
Amazon
S3
CONTROL
PLANE
KUDU

GDPR IS A DATA MANAGEMENT CHALLENGE
Access Requests
Consent
Right to be Forgotten
Data PortabilityData Breaches
EU citizens Employees
Accuracy
Data Hub
GDPR

CLOUDERA’S GDPR DATA HUB – AUTOMATE AT SCALE
Security - Encryption, Authentication, Role Based Access Control
Sources
CRM
Contact
Centre
Staff
Core
Finance
Marketing
Data Subject
360
Download All
Delete All
Grant ConsentRights &
Consent
Manager
SDX - Security Governance Audit
Enterprise Search
Right to Erasure
Cyber Intelligence
All Data all Data Subjects
Files, PDF, video
Email, Social
Structured data, ERP, CRM
Lineage back to source
Discovery
Cloudera Data Science Workbench
R, Python, Scala
Data Science at Scale
Cloudera GDPR Hub

INGEST ALL REQUIRED FORMATS
Sources
CRM
Contact
Centre
Core
Finance
Marketing
Cloudera Navigator
Apply metadata classification on
ingest so that data sets.
DPO locate personal tagged datasets.
Discovery and search
Cloudera Navigator
Data Lineage back to Source.
Portability

GOVERNED AND SECURE CUSTOMER360 IN GDPR DATA HUB

REGISTRY STYLE C360 WITH FUZZY MATCHING
15
Single Person View +
Products & Services + Valuable family,
organizational & employee relationships
Household
Relationships
Out-of-
Household
Relationships
Consent from Parent
Relationships
Organisational
Relationships
Stock Broker
Financial Analyst
Jill Jones
Kevin Jones
Kristen Jones
Kelly Jones
A
D
B
F
B
E
B
H
B
Bill Jones
Betty Jones
B
G
B
I
Data Subject 360 & Consent Management
Single Person View +
Products & Services
360 Data Subject View
A complete, accurate
& consistent view of
Person data
J.Q. Jones
John
Quincy Jones
J. Quincy
Jones
J. Jones
Jonathan
Jones
Single
Person View
Contact
Employee
Children
Contractor

ACCESS REQUEST & CONSENT
Web / Mobile App
GDPR Data Hub
Data
Subject360
Subject
and
Consent
All data
Access
Request
All GDPR data
Web / Mobile App
Is it accurate?
Purposes, categories
Accuracy
‘Download all’ request

CONSENT MANAGEMENT WITH
• Use HBase for all onLine Forms
• Built for scale and security
• Used by Tax offices
• Secured
Consent

GOVERNANCE AND DATA CATALOG
All actions audited
• All transactions audited
• Add GDPR metadata tags on ingest
Lineage
• All workloads audited
Record of processing
• Generate your ROP template
Trusted for production
• Deployed by hundreds of customers
across multiple industries
• Over four years in production
Compliance-ready
• The only Hadoop distribution to pass PCI
audit
Open and interoperable
• Integrated with the leading partner
solutions
Record of
Processing

CYBER SECURITY – NO DATA BREACH
Apache
Spot
• Apache Spot - Cyber security done at PetaByte scale
• Real-time alerting of breaches
• Built using Cloudera
• Spot expedites threat detection, investigation, and
remediation via machine learning and consolidates all
enterprise security data into a comprehensive IT telemetry
hub based on open data models.
• Partner ISV – SYNPR Securonix Built on Cloudera
• Log management, next gen – SIEM
• User Entity Behavior Analytics - UEBA
• Insider threat management
• Real-time reporting and notification
• Fraud detection in one system
• Lineage back to source with Cloudera Navigator
Breaches

Data
integration
Erasure
Web form
Delete, Archive or Mask at source
Delete
Lineage to source
metadata manager
EU citizen Request
GDPR Data Hub
Orchestration
Workflow
Look up
Data Subject
RIGHT TO BE FORGOTTEN AT SCALE
SDX Workload

AUDIT: FULL TEXT SEARCH TO VERIFY DELETION
Full-text search
Faceted navigation
lets users explore
and analyze data in
real-time to find
what’s relevant and
gain new insights.
Erasure
All data searched
Emails, PDF,
Structure data,
messages

LAPTOP VS CENTRALIZED DATA SCIENCE
“LAPTOP DATA SCIENCE”
• Copy personal data to laptops
• Fails GDPR compliance audit
• Potential data breach
Typical Big Data
Environment
Data scientists pull data
to their laptops so they
can run their own tools
CENTRALIZED DATA SCIENCE
• Personal data remains governed
• Purpose limitation enforced
Data Science Workbench

WHY CLOUDERA FOR GDPR
All personal data in the GDPR
Data Hub allowing EU citizens to
download all their data
Real-time Cyber Security. Prevent
breaches using Cloudera’s 5
levels of security
Delete all data on the hub.
Trigger workflow to delete or
mask data at source
AUTOMATED
ACCESS TO ALL
PERSONAL DATA
RIGHT TO BE
FORGOTTEN
PROTECT
AGAINST DATA
BREACHES

COMPLIANCE DIFFERENTIATORS
Compliance Must Haves — common to most regulations
Cloudera Competitors
✓ Encryption: All sensitive data encrypted at rest and in motion
Cloudera Navigator Encrypt / Cloudera Navigator Key Trustee
X Data un-encrypted on local disks. Key management missing
safeguards. 3rd party tools needed to plug this critical gap.
✓ Authorization: access limited to the data required by job role
Apache Sentry / Cloudera Data Science Workbench
X Set access controls separately/repeatedly in each framework
and storage silo. Very difficult to ensure correct permissions
✓ Audit: All user actions must be logged (for forensics use)
Cloudera Navigator
X Audit can be disabled / Audit drops under load
✓ Visibility: All data must be classified according to sensitivity
Cloudera Navigator
X Limited business metadata, coarse-grained lineage
✓ Erasure: Individual records can be updated or deleted (GDPR)
Apache Kudu
X Restricted to batch deletions and other scaling challenges
Solutions can only go to production if they meet top compliance “must haves”

DEMO

POLL: When do you expect to be GDPR compliant?
Single select
1. Ready now
2. Within 3 months
3. Within 6 months
4. Within a year
5. Don’t know

CLOUDERA’S OWN GDPR IMPLEMENTATION
We drink our own champagne
Cloudera created a personal data system of record and
consent catalog in our internal EDH using Apache Kudu
Before:
• over 4 million rows of personal data across 3
external systems with duplicate records
After:
• a system of record with 2.2 million unique
accounts
• a single source of truth for consent
• a process to exercise individual data protection
rights

PACKAGED PROFESSIONAL SERVICES
Two week GDPR engagement

SUGGESTED NEXT STEPS
Existing Cloudera customer
• Start your Cloudera Professional Services 2 week GDPR engagement
Considering Cloudera
• Let’s discuss Cloudera’s GDPR Data Hub
Everyone else
• Consider migrating to Cloudera to avoid breaches
• More secure, governed and always audited
• Secure and governed data science at scale

QUESTIONS?

How Cloudera Can Aid GDPR Compliance

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à How Cloudera Can Aid GDPR Compliance

Similaire à How Cloudera Can Aid GDPR Compliance (20)

Plus de Cloudera, Inc.

Plus de Cloudera, Inc. (13)

Dernier

Dernier (20)

How Cloudera Can Aid GDPR Compliance