3 – Designing data platforms for governance and compliance
How do you protect data in your organization’s analytics workload? Privacy by Design (PbD) is a systems engineering approach that takes privacy into account throughout the whole engineering process. PbD focuses especially on systems or applications that capture and process personal data. Many countries and political unions enforce data protection regulations. The main data protection regulations are: GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), LGPD (Lei Geral de Proteção de Dados Pessoais in Brazil), POPIA (South Africa), the Australian Privacy Act, and DPA (UK Data Protection Act).
As an organization, you must understand which data protection regulations you must adhere to and implement them in your solution accordingly. If your organization operates across territories, then you must adhere to multiple data regulations.
This whitepaper covers the common themes shared among these regulations; however, this is not an exhaustive list. Therefore, you must consult your organization’s Data Protection Office to determine what additional regional and company-wide data protection and data governance requirements must be implemented.
For more details regarding the different types of data protection regulations, refer to the following:
- POPIA - South Africa Data Privacy
ID | Priority | Best practice |
---|---|---|
☐ BP 3.1 | Required | Privacy by design. |
☐ BP 3.2 | Required | Classify and protect data. |
☐ BP 3.3 | Required | Understand data classifications and their protection policies. |
☐ BP 3.4 | Required | Identify the source data owners and have them set the data classifications. |
☐ BP 3.5 | Required | Record data classifications into the Data Catalog so that the analytics workload can understand them. |
☐ BP 3.6 | Required | Implement encryption policies. |
☐ BP 3.7 | Required | Implement data retention policies for each class of data in the analytics workload. |
☐ BP 3.8 | Recommended | Enforce downstream systems to honor the data classifications. |
For more details, refer to the following information:
- AWS GDPR Center: Introducing the New GDPR Center and “Navigating GDPR Compliance on AWS” Whitepaper
- AWS Database Blog: Best practices for securing sensitive data in AWS data stores
- AWS Security Blog: Discover sensitive data by using custom data identifiers with Amazon Macie
- Amazon Macie User Guide: What is Amazon Macie?
- AWS Key Management Service Developer Guide: What is AWS Key Management Service?
- AWS Whitepaper: Data Classification: Secure Cloud Adoption
- AWS Clean Rooms: What is AWS Clean Rooms