GDPR Data Compliance with Streamdal

We're updating our documentation, so the presented info might not be the most recent.
Beta

The data compliance features of Streamdal are currently in beta and are being tested with a select group of contributors, companies, and design partners. If you would like to participate in the beta, please reach out to us.

The General Data Protection Regulation (GDPR) is a European regulation designed to protect people's personal data rights and to govern how their data is processed. It also regulates the movement of data. Using Streamdal, and applying all of its core components to new or existing data pipelines, will greatly simplify compliance requirements for GDPR.

Streamdal’s Approach

You can leverage Streamdal for:

Data Minimization & Accuracy: Rules can be applied to data for content and format requirements. You can be alerted or notified when data contains more sensitive information than is necessary, or when there are attempts to pass through restricted compliance boundaries.

Data Policy & Processing Enforcement: Regardless of how data needs to be handled, such as obfuscating/pseudonymizing PII, you can define rules to enforce your policies and processes.

For everything else, you write functions - which compile down to Wasm, so you can use a variety of languages to get the job done!

Data Governance Automation: With Streamdal you can define rules, policies, and validation for data once, and apply them limitlessly as pipelines across your systems.

Whenever data needs to move, or whenever new data sources and destinations are introduced into production, existing rules and pipelines can be applied along with whatever new data governance rules you need to attach.

Coming Soon: A visual guide on setting up GDPR-specific rules in the Console UI.

Regulatory Insights

We wanted to make researching the relevant data regulations easier and give a better idea of where Streamdal could be the most impactful for your organization. In most cases, the combination of the observability and data governance capabilities will ensure successful compliance.

While more articles could be applicable, below are four taken from the GDPR[1] along with how Streamdal can help with data compliance:

| Article | How Streamdal helps comply |
| --- | --- |
| Article 5: Principles relating to processing of personal data | Streamdal can enforce rules on data to reject, alert, or operate on data if it contains more personal information than what is necessary, ensuring data minimization. It can also enforce rules about the format and content of messages, ensuring data quality and accuracy. |
| Article 17: Right to erasure ('right to be forgotten') | You can write rules to ensure that time-bound data, or data with specific retention periods, is not accidentally reintroduced into production or development environments after it was supposed to be deleted. |
| Article 25: Data protection by design and by default | Streamdal can help ensure privacy considerations are integral to your data handling processes. You can enforce policies like pseudonymizing personal data and limiting data exposure (e.g., PII processed and used for a specific data analytics use-case is only used by that specific service and not accidentally replicated into other systems or services). |
| Article 32: Security of processing | Streamdal can contribute to the security of processing personal data by providing monitoring and alerting capabilities that could detect potential security incidents. You can write rules that govern compliance boundaries, which will ensure only specific producers and consumers can interact with data therein. |

Information

Did you know:

GDPR mandates using encryption or pseudonymization whenever feasible[2].


Footnotes

  1. European Parliament, & Council of the European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR) [Articles 5, 17, 25, 30, 32]. EUR-Lex. https://eur-lex.europa.eu/eli/reg/2016/679/oj

  2. GDPR.EU. (n.d.). GDPR checklist for data controllers: Data Security. https://gdpr.eu/checklist/