How the Data Foundation helps you comply with the GDPR

Devoteam’s Data Foundation helps you get the most out of Google Cloud by arming you with automated data processes from the start. This article covers all available features that will help you to comply with GDPR.

What is the GDPR?

The GDPR (General Data Protection Regulation) is a regulation of the European Union (EU) that governs the usage of personal data belonging to EU citizens and residents. If you consciously collect, store or use personal data of anyone alive in the EU today, then these regulations apply to your organisation. 

The GDPR defines the rights and obligations of data subjects, data controllers and data processors, and a list of hefty fines for non-compliers. The ultimate goal of the GDPR is to enhance individuals’ control and rights over their personal information and to simplify the regulations for international business. 

How can Devoteam’s Data Foundation help you comply?

Devoteam’s Data Foundation is a collection of industry-standard tools and best practices that lays a strong groundwork for any of your organisation’s data processing, storage or analysis tasks on Google Cloud. 

The customisable, lightweight selection of tools helps you get the most out of Google Cloud by arming you with automated processes from the start. This article covers all available features that will help you to comply with GDPR.

1. Protection by default

The principle of “integrity and confidentiality”, also known as the security principle, states that you must ensure the security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage.

In Data Foundation this is done by a strict rule of least privilege. For all users, a fine-grained need-to-know access policy is installed, granting permissions only on the assets essential for the user in question.

Resources that don’t need access to the public internet are separated from it. We minimise the possibility of intrusion by malicious users. 

All the resources in need of access to the public internet are shielded by Google Cloud security, ensuring only people with the correct credentials have access to cloud assets.

2. Self-generating Data Catalog

Contrary to popular belief, the GDPR does not operate on an innocent-until-proven-guilty basis. Companies must proactively demonstrate compliance; failing to do so renders them non-compliant.

Devoteam Data Foundation makes sure you always have a single overview of all processed information from start to finish, meaning a single, protected overview with all data descriptions, data tags, and data transformations.

The foundation ensures that transformation creators provide metadata and maintain consistent definitions for similar attributes across different tables, eliminating conflicting interpretations.

3. Tag-based security with easy tag propagation

Do you know if data in a table is anonymised, personally identifiable or extra sensitive? Do you know on which legal ground it was collected and for what purpose? It’s easy to lose track if you are processing lots of data. In this context the GDPR is unforgiving: using data outside of its scope is a definitive data breach.

Devoteam’s Data Foundation makes it easy to apply tags to data, stating its classification and purpose, which limits the risk of using data outside of its original scope. Want to be extra secure? You can use tag-based security so that only people with enough clearance can see data tagged with specific tags like ‘PII’ or ‘Sensitive’.

4. Automatic data lineage

To know if you can use data products for new activation methods, like the training of AI models with Vertex AI, you need to know where the data came from to understand its quality and legal basis.

To simplify this, the Data Foundation ensures you have an up-to-date lineage for all the data assets it maintains. This simplifies comprehension of all data sources used in a Dashboard, converting it from a time-consuming chore into a straightforward endeavour.

5. Data Retention

Under the GDPR, once data has served its goal you need to delete it from the system. Most of the time this process is followed correctly for production systems, but people often forget the test data used by developers. For this reason, our Data Foundation will automatically clean up unused test data of developers to save on cost and limit the chance of data leaks.

6. Region-dependent

The Cloud makes it easy to move data, which is a blessing for global organisations but a nightmare for compliance teams. For this reason, Devoteam’s Data Foundation is deployable in any of the Google Cloud regions, making sure data will never leave that region unless you explicitly want to. You are in full control of the geographical location of your data.

Data Quality

Increasing data quality brings a lot of value for organisations as it allows for drawing more valid conclusions from the data. Additionally, the GDPR safeguards this domain by granting data subjects the right to rectification. This means individuals can request corrections to their data from data processors, who are obligated to implement the changes in their data assets. Given these factors, it is crucial to maintain the highest data quality standards within an organisation. This is essential not only for sound business decision-making but also for maintaining trust and avoiding potential repercussions from data subject rectification requests.

In Data Foundation, data quality is tracked by constantly performing tests on the data. In this way, you can examine your organisation’s data quality over time. Quality tests can be added and updated without effort, allowing you to customise tests for your specific use case.

Devoteam Data Foundation

Next to its technical capabilities, Devoteam’s Data Foundation emerges as a foundation to navigate through the regulatory framework of the GDPR. Data Foundation goes beyond just a framework; it’s a strategic partner empowering organisations to achieve compliance, safeguard sensitive data, ensure data quality, and optimise their data platforms. It provides customised solutions tailored to address the intricacies of GDPR compliance.