The European Union approved a new General Data Protection Regulation (GDPR) in late April 2016, which will come into effect in May 2018. This regulation will require companies to adopt a comprehensive data governance approach, including data profiling, data quality, data lineage, data masking, test data management, data analytics and data archival.
The data protection reach will extend to genetic data, email and IP addresses, to name a few. Also, users will have finer-grained rights on the protected data kept by companies. Explicit consent will be required for an organization to use individual pieces of information such as email or phone number, and their combined use will also require explicit consent.
InfoQ talked with Immuta’s Andrew Burt, chief privacy officer and legal engineer, and Steve Touw, chief technology officer, to better understand the implications and challenges of the GDPR.