Unifi Software, a San Mateo, CA-based vendor in the data governance space, is catching GDPR fever, and trying to keep its customers from falling ill to it. Unifi's new Compliance Data Hub with RegAlert! offering is designed to prevent business users from transgressing the European Union's General Data Protection Regulation, and to notify data stewards proactively of any data access that might jeopardize compliance.
GDPR is a big deal. It becomes enforceable on May 25th of next year and impacts any company with customers in the EU, regardless of the country in which the company itself is based. Fines for non-compliance can run up to 4% of annual revenues, or €20M, whichever is greater. Common wisdom has it that many companies won't be ready for GDPR when it takes effect, and the fear factor is high.
Being part of the solution
Unifi, then, intends RegAlert! as a tool to help companies comply. The product's approach is a simple and prudent one: block any access, in real time, by business users to data columns that are subject to GDPR controls and notify a data steward that the access was attempted in the first place. The data steward may then grant access (on an unconditional or restricted basis, as appropriate) or formalize the access prohibition that RegAlert! asserted on a probationary basis.
RegAlert! has some nuance to it. For example, it provides access to aggregated data while blocking access to data whose granularity is at the level of individual customers. This allows business analysis to proceed without undue exposure of individuals' own data. And because Unifi tracks and documents the lineage of data, it can enforce these controls not only against original data sets containing GDPR-relevant personal data, but also against data sets that are derived from those original ones. In fact, Unifi believes such derived data sets are more likely to be the subject of a data breach than the more pedigreed source data sets are.
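The flow described above (controls inherited through lineage, aggregate-only access, a probationary block with steward review), sketched as an added example. This is not Unifi's code; the Catalog class, the column names and the MIN_GROUP_SIZE threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN_GROUP_SIZE = 10  # assumed: smallest bucket treated as an aggregate, not a person
@dataclass
class Catalog:  # hypothetical stand-in for a governance catalog
    parents: dict = field(default_factory=dict)    # column -> columns it was derived from
    controlled: set = field(default_factory=set)   # source columns tagged as GDPR-controlled
    decisions: dict = field(default_factory=dict)  # (user, column) -> "grant" | "deny"
    alerts: list = field(default_factory=list)     # notifications queued for the steward

    def is_controlled(self, column, seen=None):
        """True if the column or any ancestor in its lineage is tagged as controlled."""
        seen = set() if seen is None else seen
        if column in seen:  # tolerate cyclic lineage records
            return False
        seen.add(column)
        return column in self.controlled or any(
            self.is_controlled(p, seen) for p in self.parents.get(column, ()))

    def request(self, user, column, group_size=None):
        """Decide one read; group_size=None means row-level (per-individual) access."""
        if not self.is_controlled(column):
            return "allow"
        if group_size is not None and group_size >= MIN_GROUP_SIZE:
            return "allow"  # aggregated view large enough to hide individuals
        decision = self.decisions.get((user, column))
        if decision == "grant":
            return "allow"
        if decision is None and (user, column) not in self.alerts:
            self.alerts.append((user, column))  # probationary block, alert once
        return "block"

    def adjudicate(self, user, column, decision):
        """Steward grants access or formalizes the probationary block."""
        self.decisions[(user, column)] = decision
        self.alerts = [a for a in self.alerts if a != (user, column)]

def demo():
    # Constructed sample lineage: crm.email -> staging.email -> mart.contact
    cat = Catalog({"mart.contact": ["staging.email"], "staging.email": ["crm.email"]}, {"crm.email"})
    before = [cat.request("ana", "mart.contact"),                  # derived, row-level
              cat.request("ana", "mart.contact", group_size=500),  # aggregated
              cat.request("ana", "mart.contact", group_size=1),    # bucket of one person
              cat.request("ana", "sales.region")]                  # no controlled lineage
    pending = list(cat.alerts)
    cat.adjudicate("ana", "mart.contact", "grant")
    return before, pending, cat.request("ana", "mart.contact")
if __name__ == "__main__":
    print(demo())
```

The group-size check covers a case the prose leaves implicit: an "aggregate" over a single customer is still individual-level data.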
Observe, verify and act
As companies careen into the GDPR jungle, a provisional approach to compliance is in order. Companies haven't even visited this strange land yet, and tourists can't pretend to be as well-oriented as locals. Software that alerts on and prevents potential violations of the regulatory regime is likely more appropriate than tools which treat specific transgressions in particular ways. This will allow companies to get a "feel" for what patterns of non-compliance may emerge, and to devise procedures for preventing and adjudicating such violations, should they occur.
Within the world of data governance, Unifi has a distinctive approach. It combines data catalog features and functionality with those of data preparation, thus pairing observational functionality with more proactive, even invasive, modification of data. RegAlert! takes a similar approach, this time to compliance: it doesn't just note a potential non-compliance event, it prevents it and notifies personnel with the authority to respond, so business processes can proceed, even as data is appropriately protected.