After many months of anticipation, preparation and sometimes panic, the European Union’s General Data Protection Regulation went into full effect today.

GDPR is a legal framework for processing, movement and use of personal data in the EU, with allowances for data transfers outside the union. It is already having major impact on how global enterprises store, share and use customer data. It applies to any business headquartered in any country that interacts with European citizens. It will impose significant financial penalties — including up to 4 percent of company revenues — for failure to protect the right to privacy contained in the EU’s charter.

GDPR is a multilayered compliance initiative for enterprises. To address the regulation’s many facets, data management solution providers are delivering new solutions and enhancing existing offerings to address the many challenges their customers are now facing.

To give a sense for how diverse these solutions are, and to help enterprises recalibrate their next steps in compliance with this mandate, here’s a quick roundup of GDPR-focused offerings that have been featured in SiliconANGLE over the past several months:

• Comprehensive data privacy protection: GDPR requires that enterprises embed privacy protection and compliance into their core data management platforms. This week, Informatica announced general availability of an AI-driven data discovery and remediation solution that it had preannounced last month. The solution helps enterprises to automatically discover new and existing personally identifiable information, or PII, and other data assets across hybrid clouds, identify and mask sensitive data, and perform risk analyses to determine effective courses of remediation. It embeds metadata-driven AI to provide data managers with recommendations for automating and accelerating privacy and security workflows. And it integrates with customers’ investments in existing Informatica solutions, including Enterprise Data Catalog, Informatica Data Quality, Axon Data Governance and Secure@Source.
• Data stewardship automation: GDPR requires an automated workflow for stewardship of PII assets across the enterprise. Recently, Hortonworks announced Data Steward Studio, a new software-as-a-service offering that helps enterprises to automate their GDPR-compliance processes. The new offering, slated for general availability later in this quarter, is a component of the larger Hortonworks DataPlane Service family of services for managing complex big-data multiclouds. Data Steward Studio supports automated discovery, cataloguing and maintenance of detailed records of the personal data that an enterprise stores and manages across one or more data lakes in private, public or hybrid clouds. It also provides a secure, comprehensive environment for subjects to access and review their personal data wherever it is stored. It automates disclosure to PII subjects on why the enterprise is processing their PII data, where they got it from and are sending it to, when they will delete the data, why they need to retain it until that time and what rights the subjects have over that data. It enables subjects to register or withdraw their specific, informed and unambiguous consent to varying levels of processing, use and transfer of that data. It automates execution of subjects’ consent to processing, use and transfer of the data, as well as their requests to erase all or some of it, to withdraw consent to various uses or restrict profiling and processing. And it enables enterprise data administrators to search, catalog, classify, tag and manage data globally based on origin, value, protection level, sensitivity or functional use, as well as other descriptive metadata. Data stewards can analyze data lineage and impact. They can also secure both the personal data and associated metadata in keeping with enterprisewide authorization, data protection and anonymization policies.
• Personal data record keeping: GDPR requires that companies keep detailed inventories of all personal data that they hold and process, as well as records on all processing of that data, so that they may assess the extent of their obligations under the regulation and implement appropriate safeguards and controls. That can prove tricky, especially considering how widespread this data is, how many forms it can take and how its scope may grow inadvertently as it’s correlated and processed in new contexts. The big-data catalog vendors, such as Hortonworks Inc. and Informatica LLC, are putting a big emphasis on their platforms’ role in GDPR compliance. Another company addressing this is Dataguise Inc., which recently announced a software-as-a-service version of its existing DgSecure Detect solution that automatically scans and detects all enterprise-held personal data that must be protected, erased or disclosed to data subjects upon request under GDPR. The new version now also supports detection of sensitive personal information managed in Amazon Web Services Inc. public cloud data services. It also provides authorized enterprise personnel with single-click access to view a list of databases available to them, then allows them to select those they want to scan for sensitive and personal data. It provides built-in configurable policies to help enterprise compliance personnel determine what types of data to look for and when.
• Personal-data subjects’ informed consent: GDPR requires informed, specific and unambiguous consent from data subjects on use of their personal data and requires subject consent, and the ability to withdraw consent, on uses of that data. One vendor addressing this is Pegasystems Inc., which recently announced a solution that provides customizable templates for processing customer requests for access, rectification, erasure and other rights recognized under GDPR. The templates, which integrate with the vendor’s customer engagement and application-development products, accelerate creation of automated GDPR request portals that securely retrieve customer data and orchestrate the requests across distributed enterprise systems.
• Strong authentication on personal data processing: GDPR requires strong authentication to verify identity before legitimate processing of personal data can take place. One company addressing this is Artificial Solutions, which recently announced a solution that supports strong authentication in applications with AI-driven conversational user interfaces running in multiple devices, operating systems and geographies. Specifically, the company is emphasizing that its solution can be configured to comply with GDPR’s stringent security requirements, such as streamlining the query and analysis of personal data gathered through conversational user interfaces and the ability to create pseudonyms of this data that can be used for statistical analysis even when the information has been deleted in compliance with a company’s GDPR policy.
• Enterprisewide personal-data discovery: GDPR compliance requires the ability to rapidly discover, identify and organize an enterprise’s PII assets. Recently, Waterline Data Inc. launched a tool that uses machine learning to create a constantly updated virtual view of PII and other data stored in databases and other structured data stores within an organization. Its GDPR Data Management Application builds upon Waterline’s existing Smart Data Catalog, which helps business analysts find, organize and classify data without information technology department involvement. The GDPR-specific application assists data privacy officers and data stewards with issues specific to GDPR and other regulations by automatically identifying regulated subject data along with its contextual use and lineage. Integrated access control mechanisms can impose automatic processes to make data-compliant, as well as generate compliance reports and workflows that align with specific GDPR articles. GDPR requires organizations of a certain size to employ a full-time data protection officer and recommends that all organizations designate people to be responsible for compliance. Using machine learning, the platform can be trained to look for certain types of data, such as a policy or driver’s license number, and discover it across all data sets. The system can assist with risk assessment planning by comparing data types to those covered by GDPR, shortcutting a process that can take weeks in many organizations.
• Flexible zone-based storage of personal-data record keeping: GDPR requires protected storage for EU citizens’ PII. Cloud content management firm Box Inc. debuted the ability for its customers to store the same data in multiple “zones” around the world while users can collaborate on the files across those zones. The capability builds on Box’s 2016 introduction of Zones, which enabled customers to store their data in one of now seven zones around the world, such as the U.S., the U.K. and Japan. This helps companies to comply with rules for various kinds of data in highly regulated industries such as healthcare or in countries or regions, such as EU under GDPR, with specific data privacy requirements, so the data needs to be stored in a particular region. Box also provides such services as GDPR readiness and Box KeySafe to give administrators visibility of control over data and Box Governance, which helps in complying with data retention policies and other issues.
• Continual PII compliance in transactional systems: Most PII is created and managed in transactional systems, such as sales, marketing and customer relationship management, to ensure GDPR compliance for some of its most popular enterprise transactional applications. Microsoft Compliance Manager works with Microsoft’s Dynamics 365, Office 365 and Azure cloud to ensure that an organizations’ data in those services meets core GDPR requirements. It generates a “Compliance Score” for each Microsoft cloud service an organization uses. It enables customers to perform ongoing scoring of risk assessments on Microsoft Cloud services. Microsoft also released Azure Information Protection scanner, which allows customers to create policies to discover and classify documents that don’t comply with GDPR standards.
• Fine-grained controls on personal-data transfers: GDPR requires assurance that cross-border and other transfers of personal data take place only if all parties to the transfer comply with its obligations. One vendor addressing this is Cockroach Labs Inc., which recently released version 2.0 of its open-source distributed database, which has tools for building global data structures, partitioning data by subjects’ geography and enforcing granular controls on data replication by region at the database, table, row and column levels. This enables data originating from specific countries to be accessible only within that country.
• GDPR-compliant blockchains: Building GDPR-compliant enterprise blockchains can be tricky, especially when it comes to addressing the immutability of PII on blockchains. BDO USA LLP and IntraEdge Inc. have announced the launch of a GDPR-compliant distributed ledger blockchain solution called GDPR Edge. The new solution will run on Intel’s Software Guard Extensions, a hardware- and software-based application platform designed to provide secure computing with Intel processors, and Microsoft will integrate its Azure cloud platform and business intelligence offerings for enterprise clients. GDPR Edge is built for highly complex environments that need to digest a large number of data sources, customer touch points and multiple point-of-sale systems such as retail stores, websites and mobile apps. The platform will support the rights of data users, a fundamental part of the new regulation, and will do so with a portal that allows individual subjects to review the collected personal data, modify it or request removal. If an individual makes a request at the portal to modify that information, it kicks off an automated series of actions that record changes and then communicate confirmation of requested changes in a secure manner back to the individual.

Finally, here’s a quick list of GDPR-compliance relevant interviews that have been on theCUBE in recent months:

Image: TheDigitalArtist/Pixabay