With just over a month until the European Union’s (EU) General Data Protection Regulation (GDPR) goes into effect, Facebook is moving its data controller entity from Facebook Ireland to Facebook USA, keeping more than 1.5 billion users out of the reach of the European privacy law. Mark Zuckerberg, who promised to apply the “spirit” of the legislation globally, is moving users located in Africa, Asia, Australia, and Latin America to sites governed by US law rather than European law.
Clearly, May 25—the day GDPR goes into effect—is a pivotal day that will have a global ripple effect well beyond Europe. It will impact how we manage and use data across the world in the Extreme Data Economy.
It does not, however, need to be viewed as a regulatory “tax” to avoid. As companies embrace business differentiating innovations, such as GPU databases, they can simultaneously meet the key requirements of GDPR.
Need a primer on a GPU database? Read a quick overview here.
The GDPR “was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy.” GDPR covers the entire EU and explicitly states that companies that fail to comply with the regulation are subject to a penalty up to 20 million euro, or 4% of global revenue, whichever is greater.
A major misconception is that the regulation applies to EU companies only; in actuality, the regulation applies to any company holding data from EU citizens.
With regards to an enterprise data strategy, there are a number of key considerations that must be addressed, including data profiling, the right to be forgotten, automated personal data processing, data pseudonymization, and data breaches. Each of these areas demands healthy consideration, balancing privacy concerns against innovation.
The GDPR exists because enterprises have not been thoughtful enough around data privacy, forcing governments (like the EU) to mandate change. Many of their offenses are much less dramatic than the salacious stories around companies like Facebook and Cambridge Analytica.
The GDPR forces us to think creatively about how to reconstitute the business to comply with regulation. Savvy enterprises will figure out how to meet these requirements by combining these efforts with new data innovation investments.
For instance, NVIDIA (NVDA) GPUs are redefining how companies translate data into insight, leveraging the massive parallel processing power of GPUs rather than CPUs. This has created a new category of GPU infrastructure, including a GPU database, to revolutionize data practices.
From a business perspective, GPU database technology accomplishes several things. A GPU database dramatically accelerates analysis of billions of rows of data, with an in-memory GPU architecture that speeds parallel processing. It can deliver results in milliseconds. It provides near-linear scalability without the need to index. It can take geospatial and streaming data and turn it into visualizations that reveal interesting patterns and business opportunities, capitalizing on the GPU’s particular aptitudes, including rendering the visuals themselves. GPU databases have seamless machine learning capabilities, enabling organizations to easily leverage Google’s popular Tensorflow and other AI frameworks via User Defined Functions that analyze the complete set of data. In short, the GPU foundation is a massive opportunity to build a data-powered architecture that not only allows businesses to do more with data, but also helps align with GDPR regulations.
A GPU database can also help a business comply with GDPR regulation:
- Breach Notification. A key requirement of GDPR is for a business to notify relevant authorities of data breaches within 72 hours of becoming aware of an attack. GPU databases arm businesses with the ability to do brute force analysis of billions of rows of data in real-time. The power of the GPU database is the ability to not only look at batch data, but also real-time streaming data. It provides organizations with blazing-fast analytics, the ability to conduct more complex analysis than traditional BI tools, and a “bigger brain” to run machine learning algorithms across constantly changing data sources. In short, the GPU database provides a more powerful means to assess risk of breach, making it easier to identify breaches and remediate within shorter periods of time.
- Bias & Profiling. The GDPR prohibits using personal data that “reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.” Data scientists analyzing data involving personal data can no longer work on homegrown data science platforms built “off the grid.” Given that a GPU database architecture enables data scientists to access a centralized engine where data is managed, businesses can eliminate data science sprawl and implement a centralized data architecture and workflow for governance.
- Data Lineage & Auditability. Under GDPR, data scientists must be able to identify where data is generated and provide an audit trail of where it resides. With a GPU database architecture, data can be assigned a unique identifier and an audit trail can be produced identifying the in-memory GPU where data is pinned. This enables businesses to track the data lifecycle and maintain a comprehensive audit trail of where it was used.
- 360-Degree View of Business. In order to meet GDPR obligations, you need to know, at all times, what sensitive data you are collecting and all the places it is stored. A GPU-database allows companies to visualize, analyze, and generate insight around batch data, streaming data, IoT data, location-based data, and many other unpredictable sources. The ability to visualize the business in motion is critical to understanding how data is used across all divisions. This 360 degree view is critical to properly understanding an organization’s holistic data strategy and to identify anomalies. It also enables a business to more easily watch and track incoming personal data to address key GDPR requirements such as the right to be forgotten. Given the complexity of GDPR, it is critical that businesses paint a picture of where data is used and resides so they have the agility to address GDPR issues as they arise.
- Reduce attack surface with GPUs. A single NVIDIA Deep Learning System has 81,920 CUDA cores. The equivalent number of cores on a CPU would require 1,280 servers (81,920/64). The wider your attack surface for managing data, the more complex and challenging it is to meet GDPR requirements. Using GPUs to drive data consolidation simplifies the data architecture and makes it easier to be GDPR compliant.
The GDPR brings new responsibilities to organizations that store and process personal data. The journey to compliance should not be viewed as an effort to avoid penalties. It is an opportunity to reconstitute an organization’s data strategy so that they can profit from the Extreme Data Economy.
Editor’s Note: This article was originally published on Forbes on 5/1.