Cloudera provides a unified platform to assist with security and governance of customer personal data, with the ability to detect breaches, apply controls, review data lineage and perform audits as part of a GDPR compliance program.
Compliance without complexity
GDPR imposes extensive requirements on organizations which can be very difficult to manage across multiple data silos. When you modernize your architecture by migrating data onto Cloudera’s platform, you get a unified security and governance model that may help to make compliance maintenance more straightforward.
Cloudera’s Shared Data Experience (SDX) is the common layer of security, governance and metadata, wherever your data reside—on premises or in the cloud, on any type of storage. SDX components map to the GDPR requirements as follows:
Integrity and confidentiality
Comprehensive encryption and key management with SDX components Cloudera Navigator Encrypt and Ranger KMS. Maintain control of your encryption keys even in a cloud deployment.
Accountability
Comprehensive audit trail based on Apache Ranger access logs and visualized in SDX’s Data Catalog.
Lawfulness, fairness, and transparency
Classify/tag and track lineage of personal data elements with Apache Atlas, a component of SDX. Your Data Privacy Officer (DPO) can determine exactly where specific customer personal data reside and apply the appropriate controls or produce reports for audit.
Purpose limitation
Fine-grained authorization and redacted data views with Apache Ranger. Your DPO can review how data was used in SDX's Data Catalog based on Ranger access logs.
Accuracy
Apache Kudu can help with fast updates of individual records.
Storage limitation
Apache Kudu can assist with fast erasure of individual records.
Data minimization
Removing or anonymizing data where possible. Integral parts of SDX, Apache Atlas and Apache Ranger can help with tagging the data that can be accessed and imposing a time limit for such access.
Partners
Cloudera has a strong ecosystem of partners that provide additional tools for all your GDPR needs: granular data masking, cataloging, anonymization, and pseudonymization.
