Teradata GDPR Compliance: Avoiding Dead Ends
How to avoid dead ends when trying to meet GDPR requirements on Teradata
Teradata environments are highly complex, hence choosing the right approach to address GDPR is critical for saving precious time and resources would not go to waste.
There are two main approaches for addressing GDPR requirements:
- Protection at-rest by encryption
- Protection at-motion by dynamic anonymization and logical deletion.
One of our customers has previously spent 6 month trying to go with the encryption at-rest approach, before understanding that this has been a painful dead-end.
Why is encryption at-rest a dead-end?
Teradata is a microcosm of IT. It includes both batch and on-line processing. Static and stable environments (EDW) and highly dynamic and changing ones (UDBs) where performance and functionality cannot be degraded. Encrypting or tokenizing even a few columns in Teradata will have unknown consequences to performance and functionality to an amalgam of reporting tools, on-line processing (e.g., campaign management applications such as Unica), as well as numerous ETL extractions to various sources and targets. This is because these encrypted columns might be accessed using different conditions (running a ‘like’ or ‘between’ condition on an encrypted column requires full column decryption which can bring the Teradata to its knees), or simply copied where the target is expecting clear decrypted values.
Also, encryption will cause unknown implications to UDBs containing encrypted columns unintentionally.
Why do dynamic anonymization and logical deletion provide the required balance between compliance and operations?
By moving the enforcement point from the Teradata tables to the data-flow, controls can be put in place without affecting the Teradata platform serviceability. Putting an overlay on the reporting applications, BTEQ, FastLoad and analytics tools delivers real-time monitoring, auditing, data-access minimization and data-subject rights.
No negative implications can occur on operational processing on Teradata nor data-flows to adjacent targets while sustaining expected performance levels.