
Legislation

Architecting Apache Kafka for GDPR compliance

Once upon a time (2017), in an office far far away, you may have been cornered in a conversation with someone from Legal about GDPR. It could have gone something like this: “You there, Data Engineer” “Yep, that’s me” “What PII do we have residing in this Apache Kafka database?” You probably mumbled something about Kafka not being a database. “And who can read/write the data?

Protecting Personal Data: GDPR, CCPA, and the Role of ETL

The growth of data has been exponential. By 2023, it's anticipated that approximately 463 exabytes (EB) will be created every day. To put this into perspective, one exabyte is a unit equivalent to 1 billion gigabytes. By 2021, 320 billion emails will be sent daily, many of which contain personal information. Data collected around the globe contains the type of information that businesses leverage to make more informed decisions.

Common Regulations that Data-Driven Entities Need to Know

For public and private entities, data collection is a way of life. That fact has led to the proliferation of common regulations to protect consumers and individuals from unacceptable use or storage of their private data. But it's not just data collection laws companies have to adhere to. There are many US-based and international statutes that put constraints on how they do business. What follows summarizes the most common regulations and how they can affect the work you do, day to day.

How to Comply with Sweden's PII Data Protection Act

Personally Identifiable Information (PII) has become a headache for most digital-first businesses in recent years. Everyone agrees we need rules to keep personal data safe, but there’s no universal PII Data Protection Act we can all follow. Instead, there is a worldwide patchwork of regulations, many of which have global implications. Sweden is one of the pioneers in data security laws.

Making Privacy an Essential Business Process

Canada is poised to become a world leader in privacy regulation, and with new regulation comes record-breaking fines for those who can’t keep up. In November, Canada introduced the Digital Charter Implementation Act. If passed, companies could face fines of up to five percent of global revenue or $25 million CAD — whichever is greater — for violating Canadians’ privacy.

From GDPR to CCPA, the right to data access is the Achilles' heel of data privacy compliance and customer trust - Part 2

In the first part of this series, I explained what a DSAR is and why organizations should care about it. Now, let’s take a look at how the process can be perceived by the customers. Our recent GDPR benchmark research shows that the road can be tortuous.

CCPA will be live in less than 3 months. Do you have a plan?

In January, I’ll start a new game: ask a company to retrieve all the information they have about me in less than 45 days. One of the requirements of CCPA is to be able to reply to a customer request to have access to all the data you have about them in less than 45 days. These are called the Verifiable Customer Requests. You may be able to complete 10, 20 replies. But what if you received 10 every day? What does it take to keep your customers happy and be compliant?

One Year After GDPR: Three Common Mistakes Businesses Still Make

May 25, 2019 marked the one-year anniversary of the European Union’s (EU) General Data Protection Regulation (GDPR) coming into full effect. This milestone serves as a timely reminder for any business in the EU or doing business with EU residents on both the implications of failing to protect data and the procedures needed to prevent this from happening.