1.
Big Data Warehousing Meetup
General Data Protection Regulation
GDPR
October 11, 2017

2.
About Caserta
 Data Intelligence Consulting and Modern Data Engineering
 Data Lakes, Data Laboratories, Data Warehouses
 Award-winning company for Data Innovation
 Data Science, Machine Learning, Artificial Intelligence
 Internationally recognized work force
 Keynote Speakers, Educators, Mentors
 Strategy, Architecture, Governance, Implementation

3.
Strategic Partners

4.
Corporate Data Pyramid

5.
GDPR Cannot be Ignored
 GDPR Compliance Top Data Protection Priority for 92% of US Organizations in 2017
- PwC Survey
• The GDPR requirements will force U.S. companies to change
the way they process, store, and protect customers’ personal
data.
• Companies must be able to show compliance by May 25,
2018
• A data protection officer (DPO) may be required

6.
GDPR in a Town Near You
 New York legislature, inspired by the GDPR, proposed the
Right to be Forgotten Act,.
 GDPR will continue influencing privacy regulations across
the globe
 Companies that comply with the GDPR will be better
prepared for future changes in U.S. legislation.

7.
Data Elements Regulated
 Basic identity information such as name, address and ID numbers
 Web data such as location, IP address, cookie data and RFID tags
 Health and genetic data
 Biometric data
 Racial or ethnic data
 Political opinions
 Sexual orientation

8.
The Technical Challenge
“Delete all my personal data without undue delay when it is
no longer necessary or when consent has been withdrawn”
 Legal: Right to Erasure or Right to be Forgotten
 Engineer: Need the ability to delete some specific subset
or all data associated with a customer from all data
systems

9.
More GDPR Technical Goals
 The pseudonymisation and encryption of personal data.
 The ability to ensure the ongoing confidentiality, integrity,
availability and resilience of processing systems and services.
 The ability to restore the availability and access to personal data in
a timely manner in the event of a physical or technical incident.
 A process for regularly testing, assessing and evaluating the
effectiveness of technical and organizational measures for ensuring
the security of the processing.

10.
GDPR Three-Legged Stool
 Metadata
 github.com/linkedin/wherehows
 Data Access
 Something Similar to DALI (Data Access LinkedIn)
 Data Lifecycle Management
 gobblin.apache.com

11.
GDPR Tips
 Bake Data Privacy into the Design
 Encrypt the Data, Implement Access Control Governance
 Enable Fine Grain Access Control (FGAC)
 Keep Inventory of Data and Processes
 Document how data is collected, purged
 Record or detect Data Lineage
 Potentially Hire Data Protection Officer
 Or Consultants to establish GDPR Strategy & Execution Plan

12.
Thank You
 Joe Caserta, President
 joe@casertaconcepts.com
 Twitter: joe_caserta