The European Union’s General Data Protection Regulation (GDPR) states that individuals have the right to ensure their personal data is private and protected.
So why is everyone taking GDPR so seriously? Because penalties for GDPR violations are costly, amounting to the higher of twenty million euros – or four percent of worldwide sales – for each breach of the new regulations.
European regulators demonstrated their commitment to enforcing EU data regulations with the 2.4 million euro fine they levied against Google in June 2017 for anti-competitive search-engine practices.
In this series on GDPR compliance, we’ll break down how companies can best achieve compliance with the EU’s new privacy regulations using the power of graph database technology. Last time, we discussed the challenges and problems with personal data.
This week, we’ll take a closer look at why graph database technology is the best fit for overcoming the challenge of GDPR compliance.
Graph Databases Are the Right GDPR Foundation
Personal data seldom travels in a straight line and instead follows an unpredictable path through the enterprise.
That path is best visualized as a graph, so it’s not surprising that GDPR personal data problems are best addressed by a graph database. Graph technology is designed for connected-data applications like GDPR in which data relationships are as important as the data itself.
As the #1 platform for connected data, Neo4j includes powerful data visualization tools that enable you to model and track the movement of sensitive data through your systems. So you can provide easy, clear answers about personal data to:
- Regulators who demand proof of GDPR compliance
- GDPR-mandated Data Protection Officers and internal staff responsible for preserving data privacy across all your systems
- Individual consumers who ask what you know about them and how you are using that data
Why Graph Technology Is Superior for GDPR
The complex data lineage problems posed by GDPR are impossible to solve with relational databases (RDBMS) and most NoSQL technologies. A modern graph database platform like Neo4j is a superior foundation for addressing the connected data requirements of GDPR compliance.
RDBMS Cannot Handle Connected Data
Relational database technologies are built for managing highly structured datasets that change infrequently and have minimal numbers of clear connections. To connect all your operational GDPR data, you need a colossal maze of JOIN tables and many thousands of lines of SQL code.
Those queries require several months to develop and are nearly impossible to debug and maintain as you add more systems and data relationships. Most importantly, queries of such complexity can take an eternity to execute and can easily hang your server.
Non-Native Graph Technologies Break Down
Some NoSQL and relational databases claim to have graph capabilities. In reality, they have cobbled a graph layer onto their non-graph storage models. These non-native approaches inevitably omit key system connections and break personal data lineage, making them easy targets for GDPR regulators.
Neo4j is a native graph database that stores and connects data as a graph — just as you visualize it on a whiteboard — making Neo4j the ideal technology for GDPR compliance.
A Picture Is Worth a Thousand Words: Proving GDPR Compliance
The ultimate test for any technology is its ability to satisfy regulators and consumers that your organization is GDPR-compliant.
Traditional approaches produce tabular results that are hard to follow. In contrast, Neo4j produces simple, easily understood pictures of how personal data flows through all your systems.
The mandates of GDPR are looming on the horizon and your enterprise can’t afford to be caught violating these new privacy regulations. But, you also can’t afford to use the wrong technology to tackle this compliance challenge.
Even if you manage to remain compliant with a sub-optimal technology, choosing a wrong fit could cost you millions in implementation costs and months to years of development time – time you don’t have since GDPR goes into effect in May 2018.
Instead, the case is clear: In order to achieve and maintain GDPR compliance, you need a native graph technology platform that allows you to change your data model as compliance regulations and business requirements change (hint: they always do).
Next week, we’ll outline four steps to GDPR compliance using graph technology.
Read the White Paper
Catch up with the rest of the GDPR compliance blog series: