
A Tale of Two Regulations: Cross-Border Data Protection For Big Data Under GDPR and Privacy Shield



The General Data Protection Regulation (GDPR), which will be in effect in 2018, brings newer requirements for managing personal and sensitive data of European Union subjects. The recently enacted Privacy Shield directive from 2016 now regulates the movement of data between the EU and the US. Together, both regulations are impacting how CXOs think about procuring, storing and processing personal and sensitive data.

Over the last few years, open-source projects such as Apache Ranger and Apache Atlas have been driving comprehensive security and governance within Hadoop and the big data ecosystem. Solution vendors such as Privacera are leveraging the power of Hadoop and Apache projects such as Atlas and Ranger to help security and compliance teams within enterprises easily identify and protect data that are subject to the privacy regulations and monitor the use of such data.

This talk will walk through the current regulatory climate in Europe and how it can impact big data implementations. We will specifically walk through a business framework that enterprises can use to build a strategy to manage GDPR, Privacy Shield, and other regulations. We will use a live demonstration to show how projects such as Apache Ranger, Apache Atlas and solutions such as Privacera can be used effectively to address specific requirements of these regulations.

Published in: Technology


  2. Agenda
     • Introductions
     • What is GDPR and Privacy Shield?
     • Key regulations to consider
     • Big data strategies to manage GDPR
     • Demo
     • Wrap up
  3. Apache Ranger (© Hortonworks Inc. 2011 – 2017. All Rights Reserved)
     • Comprehensive and Extensible Security Model
       – Centralized platform to define, administer and manage security policies consistently across Hadoop components (HDFS, Hive, HBase, YARN, Kafka, Solr, Storm, Knox, NiFi, Atlas)
       – Extensible architecture with ability to add custom policy conditions, user context enrichers
     • Centralized Auditing
       – Central audit location for all access requests
       – Support multiple destination sources (HDFS, Solr, etc.)
       – Real-time visual query interface
     • Fine-Grained Authorization for data access control for Database, Table, Column, LDAP Groups & Specific Users
     • Advanced Security
       – Dynamic Security Policies: Tag (Atlas), Prohibition, Time, and Location
       – Dynamic Column Masking & Row Filtering
     • [Diagram labels: Operations, Security, Governance, Storage; Machine Learning, Batch, Streaming, Interactive, Search]
  4. Apache Atlas: Metadata & Governance
     • Metadata-driven governance services for Hadoop and enterprise big data ecosystems
     • Data Lineage/Provenance
       – Along the entire data lifecycle with integrated cross-component lineage
     • Data Classification
       – Supports classification of data assets using tags (e.g. PII, PHI, PCI etc.) and attributes
     • Metadata Catalog Search
       – Free text search on metadata
       – Advanced search using DSL
     • Integrations across the Hadoop ecosystem, through a common metadata store
       – Free text search on metadata
       – OOtB real-time metadata and lineage ingestion with Hive, Sqoop, Storm/Kafka
       – APIs for custom metadata ingestion
       – Apache Ranger integration for classification-based security
     • Key Benefits: Modern Data Lakes need new ways to govern because:
       – Cost: Traditional staff ratio to data size not possible
       – Diversity: Only way to manage velocity of new datasets
       – Agility: Quick change based on tags / taxonomy
     • [Diagram labels: Structured, Traditional RDBMS, MPP Appliances, Metadata; Kafka, Storm, Sqoop, Hive, Falcon, Ranger, Custom, Partners; Atlas Metadata]
  5. HDP – Security & Governance
     • Industry First: Dynamic Tag-based Security Policies
     • Ranger: Manage Access Policies and Audit Logs
       – Policies: Classification, Prohibition, Time, Location
       – PDP, Resource Cache
     • Atlas: Track Metadata and Lineage
       – Atlas Metastore: Tags, Assets, Entities
       – Atlas Client: Subscribers to Topic, Gets Metadata Updates
     • Entities in Data Lake: Streams, Pipelines, Feeds, Hive Tables, HDFS Files, HBase Tables
  6. Privacera – Focus on Sensitive Data
     • Discover: Discover sensitive data
     • Track: Track movements of sensitive data
     • Detect: Detect breach or accidental use
     • Protect: Block user, encrypt or mask
  7. What is GDPR?
     • Replaces data protection directive
     • Harmonious rules across member countries
     • Applies to all companies processing personal data related to EU
     • EU scope
     • Revenue based penalties
     • Data subject rights
     • Data protection officers
     • Data breach notifications
  8. What is Privacy Shield?
     “The EU-US Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States”
  9. Privacy Shield vs GDPR [comparison figure; source: TRUSTe]
  10. GDPR Awareness (source: Dell GDPR Survey, Oct 2016)
     • 1 in 3 companies feel prepared for GDPR today
     • 70% of business and IT professionals do not know about their company’s GDPR strategy
     • 75% of respondents outside the EU did not know about or were not prepared for GDPR
     • 97% of companies have no concrete plans for GDPR post May 2018
  11. GDPR – Considerations for big data?
     • Cybersecurity and Breach Notification
     • Consent
     • Profiling
     • RTBF and data portability
  12. Cybersecurity and Breach Notification
     What it means?
     • Specific suggestions on security
     • Pseudonymisation and encryption of personal data
     • Ensure the ongoing confidentiality, integrity, availability and resilience
     • Availability and access to personal data in a timely manner
     • Data breach
     • Personal data breach to be notified to a supervisory authority “not later than 72 hours after having become aware of it”
     How you can manage?
     • Engage with data protection officer and cybersecurity team
     • Invest in data discovery solutions
     • Data at rest and dynamic masking solutions
     • Data replication and disaster recovery
  13. Consent
     What it means?
     • Affirmative consent for data processing
     • Specific to data processing operation
     • GDPR requires explicit consent for special categories of personal data
     • Parental consent for processing children’s personal data
     • Right to withdraw consent
     How you can manage?
     • Establish a process for notice and collecting consent
     • Establish purpose for data processing
     • Leverage access control to block data where no consent is provided
  14. Profiling
     What it means?
     • Restrictions on processing that may be classified as profiling
     • Automated processing of personal data
     • Using the personal data to evaluate a person
     • Includes taking decisions or predicting an individual
     • Rights of subject to object or halt profiling
     • Notice and access
     How you can manage?
     • Establish a strict process for automated data processing
     • For analytics involving personal data, ensure manual processing can be done
     • Establish consent for any manual profiling related processing
  15. RTBF and data portability
     What it means?
     • Right to erasure, right to be forgotten
     • Remove data upon request
     • Reasonable access to own data
     • Right to know purposes
     • Only applies if original consent was provided
     • Data Portability
     • Data subjects can receive own data
     • Right to transfer data to 3rd party
     • Right to rectify data
     How you can manage?
     • Invest in user centric UI to receive requests
     • Customer identity solution
     • Data discovery, classification
  16. Big data security and governance checklist
     1. Coordinate with Privacy and Security teams
     2. Invest in user and customer identity
     3. Data discovery and classification
     4. Centralize data around consent, purpose
     5. Analyze pseudonymization, encryption options
     6. Constantly monitor personal data for breaches
     7. Automate data retention and recovery strategies
  17. Demo Scenarios
     • Data classification
     • Collect consent
     • Access data based on consent provided
     • Dynamic anonymization
     • Purpose verification
     • Breach notification
  18. More Information… Check out these sessions
     • Apache Atlas: Governance for your data, 4:10p, Wednesday April 5th 2017
     • Bridle Your Flying Islands And Castles In The Sky: Built-in Governance And Security For The Cloud, 11:30a, April 6th 2017
     • BoF sessions – Security and Governance, 5:50p, Thursday, April 6th 2017
     Hortonworks Privacera send email to