With the May 25 implementation date for the European Union’s General Data Protection Regulation looming, Waterline Data Inc. today is unveiling the Waterline Data Discovery Platform, a data discovery tool that the company saids can dramatically accelerate the process of identifying and organizing an organization’s data assets.

The Waterline Data Discovery Platform uses machine learning to create a constantly updated virtual view of information stored in databases and other structured data stores within an organization. The GDPR Data Management Application builds upon Waterline’s existing Smart Data Catalog, which helps business analysts find, organize and classify data without information technology department involvement.

The GDPR-specific application assists data privacy officers and data stewards with issues specific to GDPR and other regulations by automatically identifying regulated subject data along with its contextual use and lineage. Integrated access control mechanisms can impose automatic processes to make data compliant, as well as generate compliance reports and workflows that align with specific GDPR articles. GDPR requires organizations of a certain size to employ a full-time data protection officer and recommends that all organizations designate people to be responsible for compliance.

When you first installed, the Data Discovery Platform scans all data in structured stores, such as databases, cloud repositories and Hadoop file systems, to identify information that is potentially covered by GDPR. “We create an audit trail to show when data was brought into compliance, what kind of data is in there, who used it for what and whether that use is permitted,” said Waterline Chief Executive Alex Gorelik. The system does not discover data in unstructured formats, such as emails and text documents.

Using machine learning, the platform can be trained to look for certain types of data, such as a policy or driver’s license number, and discover it across all data sets. The system can assist with risk assessment planning by comparing data types to those covered by GDPR, shortcutting a process that Gorelik said can take weeks in many organizations.

The platform then serves as both a discovery mechanism and access control tool on an ongoing basis after GDPR takes effect. Requests for data are validated against an organization’s compliance rules and either passed through or flagged for review. “You define a data officer and requirements for legitimate use,” Gorelik said. “If users request data for a use that isn’t defined as legitimate, that request gets routed to the appropriate data officer or application.”

The company did not disclose pricing, which Gorelik said is by data set.

Image: Unsplash