确保康泰纳仕实时数据管道符合GDPR要求.pdf

1、2024 Databricks Inc.All rights reserved2Ensuring GDPR Compliance for Ensuring GDPR Compliance for RealReal-Time Data Pipelines at Time Data Pipelines at Cond NastCond NastSarah Uludag and Emma SteinSarah Uludag and Emma SteinJune 2024June 20242024 Databricks Inc.All rights reserved2024 Databricks In

2、c.All rights reservedEuropean data privacy law that applies to the processing of personal data of all EU citizens or residents-Protection and accountability rules for data collection and processing-Defines privacy rights for data subjects,for ex:“the right to be forgotten”-Accountability:the data co

3、ntroller is response for being able to demonstrateGDPR compliance Serious implications for companies that do not comply-up to 20 million or 4%of annual revenue,whichever is greater3Key Principles of GDPR2024 Databricks Inc.All rights reserved2024 Databricks Inc.All rights reservedIdentify PIIStreami

4、ng BatchIdentifyProtectManageProtect PIIUser AddedDownstream management easy,but has some value been irreversiblylost?123AnonymisePseudo-anonymiseDo nothingDownstream management becomes easier,but has some value been reversibly lost?Downstream management becomes much harder Challenges with managing

5、personal data Manage PII5Its actually more than 3 problemsHow accurate is my detection?How do I apply it to all of my data?How do I know that its been applied?How performant is it?Do I do nothing,anonymise or pseudo-anonymise?If I anonymise,is the data still valuable?If I pseudo-anonymise,how do I k

6、now it isnt easily reversible?How do I search across all of my data?How performant is that search?How do I apply actions(right to be forgotten etc?)Who needs access to PII?123Identify PIIStreaming BatchProtect PIIManagementmuch easier,but how valuable is the data?AnonymisePseudo-anonymiseFind&action