3 – Designing data platforms for governance and compliance

How do you protect data in your organization’s analytics workload? Privacy by Design (PbD) is an approach in system engineering that takes privacy into account throughout the whole engineering process. PbD especially focuses on systems or applications that capture and process personal data. Many countries or political unions enforce data protection regulations. The main data protection regulations are: GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy), LGPD (Lei geral da Protecao de Dados Pessoasis in Brazil), POPIA (South Africa), Australian Privacy Act and DPA (UK Data Protection Act).

As an organization you must have an understanding what data protection regulations you must adhere to and implement them into your solution accordingly. If your organization operates across territories, then you must adhere to multiple data regulations.

This whitepaper covers the common themes shared amongst these regulations; however this is not an exhaustive list. Therefore you must consult your organization’s Data Protection Office to determine what additional regional and company-wide data protection and data governance requirements must be implemented.

For more details regarding the different types of data protection regulations, refer to the following:

GDPR - General Data Protection Regulation Center
CCPA - California Consumer Privacy Act
LGPD - The General Data Protection Law
POPIA - South Africa Data Privacy

ID	Priority	Best practice
☐ BP 3.1	Required	Privacy by design.
☐ BP 3.2	Required	Classify and protect data
☐ BP 3.3	Required	Understand data classifications and their protection policies.
☐ BP 3.4	Required	Identify the source data owners and have them set the data classifications.
☐ BP 3.5	Required	Record data classifications into the Data Catalog so that analytics workload can understand.
☐ BP 3.6	Required	Implement encryption policies.
☐ BP 3.7	Required	Implement data retention policies for each class of data in the analytics workload.
☐ BP 3.8	Recommended	Enforce downstream systems to honor the data classifications.

For more details, refer to the following information:

AWS GDPR Center: Introducing the New GDPR Center and “Navigating GDPR Compliance on AWS” Whitepaper
AWS Database Blog: Best practices for securing sensitive data in AWS data stores
AWS Security Blog: Discover sensitive data by using custom data identifiers with Amazon Macie
Amazon Macie User Guide: What is Amazon Macie?
AWS Key Management Service Developer Guide: What is AWS Key Management Service?
AWS Whitepaper: Data Classification: Secure Cloud Adoption
AWS Clean Rooms: What is AWS Clean Rooms

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Security

BP 3.1 – Privacy by Design