Many inky, black pixels have been rendered over GDPR. It dramatically shifts the landscape for businesses with any EU users, so there are a lot of questions about what it means in general, as well as what it takes to actually comply with it.
In this post, we’ll cover how Cockroach Labs conceives of GDPR’s major tenets (known as Data Subject Rights, which translates to “things you must do for your users”), as well as some considerations about what it actually means for your company’s database.
What are the Data Subject Rights?
Well, there are a lot of them, but let’s focus on those that are most obvious and impactful. We’ve gathered them into a few major groups:
- Data Location & Consent: By default, EU users’ personal data should stay within the EU; a controller that wants to transfer a user’s personal data outside the EU needs a lawful basis for doing so, most simply the user’s explicit, informed consent.
- Right to access: On request, controllers must confirm to data subjects whether or not they are processing any of the subject’s data, where and for what purpose. The controller must also provide a copy of the personal data in an electronic format, free of charge.
- Data portability: Data subjects can receive the personal data they have provided to a controller in a structured, machine-readable format and transmit it to another controller.
- Right to rectification: Data subjects can correct any erroneous personal data controllers store.
- Right to be forgotten: Data subjects can require controllers to erase all of their personal data, cease distributing it, and potentially stop any third-party processors from continuing to use it. This applies not only to an explicit request from the subject, but also when the data is no longer needed for the original purposes of processing.
- Privacy by design: Controllers and processors must design their services with the “state of the art” in mind to protect their customers’ data. Additionally, controllers must notify affected users of any breach of their personal data.
Now, let’s break down what two of the most complex data subject rights mean for your database:
Data Location & Consent
One common misconception about this regulation is easy to dispel: this right doesn’t mean you can’t send EU user data outside the EU. Instead, it means you must tell users what data you’re sending, where it goes, and how it will be used.
What this means for your business depends on the strategy you adopt to comply with GDPR. User notifications could range from minimal (e.g. you only temporarily read data in the US for business analytics) to very upfront (e.g. the primary copies of their data are stored and read outside the EU).
The problem with the latter approach is not a technological one, but one of sentiment: for the many users who are understandably leery of businesses sharing and storing their data, it puts your business at a disadvantage against competitors who are more privacy-focused.
Solving the Problem with CockroachDB
To improve teams’ solutions to this problem, CockroachDB Enterprise offers a geo-partitioning feature, which lets you control the physical placement of your table’s ranges (CockroachDB’s unit of replication, comparable to shards in other systems) based on row values. You partition the table by a column and then pin each partition to nodes in a chosen locality through a zone configuration. For instance, if your user base spanned the EU and the US, you could create two partitions based on the country column of your users table and constrain the EU partition’s replicas to nodes running in the EU.
This has two substantial benefits. First, you can confidently tell users that the primary copies of their data are stored in the EU, which gives you a competitive advantage over services that store their users’ data elsewhere. Second, by keeping data close to the users it belongs to, you can serve them with low-latency responses.
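The partitioning described above, as an added example that is not part of the original post or of Cockroach Labs’ own documentation. It assumes a hypothetical `users` table, that the cluster’s nodes were started with `--locality=region=eu-west` or `--locality=region=us-east`, and that an Enterprise license is set on the cluster (partitioning is an Enterprise feature). The EU country list is abbreviated for illustration; a real deployment would list every EU/EEA code.

```sql
-- Added example (not from the original post): a users table partitioned by
-- country, with each partition pinned to nodes in a matching locality.
-- Assumptions: node localities region=eu-west / region=us-east exist, and
-- an Enterprise license is set on the cluster.

CREATE TABLE users (
    country STRING NOT NULL,          -- ISO 3166-1 alpha-2 code, e.g. 'DE'
    id      UUID   NOT NULL DEFAULT gen_random_uuid(),
    email   STRING NOT NULL,
    name    STRING,
    -- The partitioning column must be a prefix of the primary key.
    PRIMARY KEY (country, id)
) PARTITION BY LIST (country) (
    -- Abbreviated; list all EU/EEA codes in practice.
    PARTITION eu    VALUES IN ('AT', 'BE', 'DE', 'ES', 'FR', 'IE', 'IT', 'NL', 'PL', 'SE'),
    PARTITION us    VALUES IN ('US'),
    PARTITION other VALUES IN (DEFAULT)   -- catch-all; inherits the table's zone
);

-- Pin every replica of the EU partition's ranges (and therefore the
-- leaseholder that serves its reads and writes) to EU nodes.
ALTER PARTITION eu OF TABLE users
    CONFIGURE ZONE USING constraints = '[+region=eu-west]';
ALTER PARTITION us OF TABLE users
    CONFIGURE ZONE USING constraints = '[+region=us-east]';

-- Verify: which partitions exist and where their replicas may live.
SHOW PARTITIONS FROM TABLE users;
SHOW ZONE CONFIGURATION FOR PARTITION eu OF TABLE users;

-- A lookup that supplies the partition key touches only the EU ranges ...
SELECT id, email FROM users WHERE country = 'DE' AND email = 'a@example.org';
-- ... whereas this one has no country predicate and scans every partition,
-- so it is served from ranges on both sides of the Atlantic.
SELECT id, email FROM users WHERE email = 'a@example.org';
```

Two caveats a practitioner should check. Secondary indexes are not partitioned automatically: an index on `email` created without its own `PARTITION BY` clause would have ranges that can land on any node, carrying EU users’ e-mail addresses with them, so partition (or avoid) such indexes. And the zone constraint governs the live replicas only; backups written to a bucket in another region are a separate data-location decision.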
Privacy by design
This right has broad, sweeping implications that touch many facets of your database, but we’ll cover the ones we see as most impactful:
- Connections to your database must be encrypted with TLS (still commonly called SSL).
- You should limit access to your data so that as few services and users as possible can reach it, each with only the privileges it needs.
- If possible, your data and its backups should be stored with encryption at rest.
Note that the regulation itself (Article 32) lists “pseudonymization” alongside encryption as security measures, but the two are not the same thing: pseudonymization replaces directly identifying fields with a token and keeps the mapping separately, while encryption protects the stored data wholesale and is reversible by anyone holding the key. Encryption at rest helps satisfy the security obligation; it does not by itself make a dataset pseudonymized.
Solving the Problem with CockroachDB
Designing a secure application requires attention to many facets of your application, some of which are outside the purview of your database. That said, CockroachDB can contribute to your efforts:
- CockroachDB makes securing your cluster simple through its built-in `cockroach cert` tool, which creates a certificate authority as well as node and client (user) certificates. You can also generate the certificates with another tool such as OpenSSL.
- You can control who has access to data through CockroachDB Enterprise’s role feature, which lets you group users into roles and grant or revoke privileges with table-level granularity.
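Least-privilege access with roles and table-level grants, as an added example that is not part of the original post or of Cockroach Labs’ own documentation. The role, user and table names (`app_reader`, `app_writer`, `erasure_svc`, `api_service`, `analytics`, `gdpr_worker`, `users`) are illustrative assumptions. It also shows how the right to be forgotten can be confined to one narrowly privileged identity.

```sql
-- Added example (not from the original post): role-based access with
-- table-level grants in CockroachDB. All names are illustrative.
-- CREATE USER ... WITH PASSWORD only matters on a cluster started in
-- secure (TLS) mode; a cluster started with --insecure skips
-- authentication entirely, whatever grants you configure.

-- One role per job, holding only the privileges that job needs.
CREATE ROLE app_reader;
CREATE ROLE app_writer;
CREATE ROLE erasure_svc;

GRANT SELECT                 ON TABLE users TO app_reader;
GRANT SELECT, INSERT, UPDATE ON TABLE users TO app_writer;
-- Only the identity that handles right-to-be-forgotten requests may
-- DELETE, so a bug in the main application cannot wipe rows.
GRANT SELECT, DELETE         ON TABLE users TO erasure_svc;

-- One SQL user per service, each a member of exactly one role.
CREATE USER api_service WITH PASSWORD 'change-me-at-deploy';
CREATE USER analytics   WITH PASSWORD 'change-me-at-deploy';
CREATE USER gdpr_worker WITH PASSWORD 'change-me-at-deploy';
GRANT app_writer  TO api_service;
GRANT app_reader  TO analytics;
GRANT erasure_svc TO gdpr_worker;

-- Check what each principal can actually do before shipping.
SHOW GRANTS ON TABLE users;
SHOW GRANTS ON ROLE app_reader, app_writer, erasure_svc;

-- Revoking from the role takes effect for every member at once.
REVOKE UPDATE ON TABLE users FROM app_writer;
```

On a secure cluster, prefer client certificates (created for each SQL user with the same `cockroach cert` tool that issues the CA and node certificates) over passwords; a password is then only a fallback, and the literal placeholder above must never reach a deployed cluster. Run `SHOW GRANTS` again after every schema change, since a newly created table starts with no grants to these roles.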
And a whole lot more…
There are actually so many angles to consider with GDPR that we created an entire guide around bringing your app into the EU. If this post was helpful to you, there are more in-depth strategies and tactics in the guide.
Interested? Check out Scaling Your App with GDPR Compliance in Mind.
Illustration by Christina Chung.