Data Engineering
Platform Engineering
  • Terraform
  • Kubernetes
  • Ansible
  • Docker
  • Elastic
Software Engineering
  • Spring
  • React
  • Python
  • Scala
Data Governance
Data Privacy
Scopri

Overview

Digital evolution has brought several improvements: the volumes of personal data collected, their diffusion across corporate systems and the opportunities generated in order to produce personalized customer experiences.

At the same time, the regulatory obligations for personal data managers have also increased (e.g. GDPR, IVASS Regulation no. 38/2018, Bank of Italy Circular 263 and 285, etc. ..).
A correct management of this data is therefore crucial to avoid economic and reputational damage due to improper use.

Data privacy aims to de-identify the data management through various anonymisation techniques in order to allow its use while reducing the regulatory constraints that need to be observed in order to be compliant.

Challenges

Among the main problems related to the lack of data privacy management we can find:

  • High risks of sanctions for non-compliance in the processing of personal data
  • Limits on the use of collected data to avoid sanctions
  • Reputational risks due to public evidence of misuse of collected personal data
4%
is the percentage of turnover
that defines the ceiling for the regulator's combined penalties for non-compliance with GDPR rules
GDPR.eu (2021)
97%
of companies expect an increase
in data privacy spending in the coming year, with an average increase of 50%
IBM (2020)
79%
of Americans are not entirely sure
whether companies would admit mistakes or take responsibility for misuse or compromise of their personal data, and 69 per cent express doubts about their data being used for purposes they would welcome
Pew Researcher Center (2019)

Solution

The cloud data platform exploits the peculiarities of the cloud to acquire, transform, store and make accessible a potentially unlimited amount of data, reducing operational costs and increasing development agility.

Once acquired in batch or real-time mode, the data is stored and consolidated within the data lake by on-demand integration processes.

On top of the data lake consisting of a scalable and cost-effective storage system (i.e. object storage), query engines are grafted to access the data. Depending on the type of access pattern, it is possible to have different types of query engines.

It is also possible to have a data visualization tool to provide analytical consumers with a single semantic data access layer, thus masking the underlying fragmentation into multiple query engines.

The full route

1. Foundation
Infrastructure setup; at-rest encryption of all data; de-identification for entities containing higher risk information for a limited set of personal data types (e.g. email and credit cards)
2. Govern
Integration with governance tools for defining data types and protection requirements; use of discovery tools for data whose type of information is not known in advance; drill-down of roles to specify Row-Level and Column Level security rules for each entity
3. Expand
Expand coverage to other entities and data types

Technologies

Privacy management platforms centralise de-identification techniques such as encryption, tokenisation and pseudonymisation to be applied to sensitive data

Virtualisation or federated query engines also centralise data access policies according to user role

Optionally, before protecting data with Data Privacy tools, it is possible to use tools for automatic discovery of sensitive data

The governance tool tracks all data assets in the data catalogue. For each asset, it is possible to define its category by specifying, for instance, whether it is personal data to be secured

The governance tool allows, thanks to the business glossary, to trace back from a logical entity to its physical version that can be used for the processing of interest

Analytical consumers access de-identified data by seeing only those they are entitled to access. Depending on the role and type of processing, some users also have the possibility of re-identifying data of interest

Benefits

Greater trust of data sharers
Greater control over data
Reduced risk following a critical data privacy event
Reduction of risks related to sanctions for compliance violations
Events
Replay
Hybrid Event
IKN Utility Day 2021
Data e ora: 24/11/2021

Quantyca participated in IKN – Utility Day, the November Main Conference focusing on the map of digital, cultural and technological transformation of Italian Utilities. Francesco Gianferrari Pini, Co-Founder of Quantyca...

Replay
Video Talk
CDO – Chief Data Officer 2021
Data e ora: 30/06/2021

Quantyca took part in CDO 2021, the event organised by IKNItaly, with a talk by Andrea Gioia, CTO & Partner Quantyca, in which he addressed the challenges of IT in...

Resources

Blog
Free
07/07/2022

Il Data Mesh e il consumo self-service dei dati come prodotti

Blog
Free
11/05/2022

L’esigenza di governo nella gestione dei dati

Blog
Free
14/04/2022

I principi di un moderno Data Management

Slide
Free
15/06/2021

Quality & Governance nell’evoluzione della Data Platform – IKN Utility Day

Video
Free
30/06/2021

Intervista ad Andrea Gioia, CTO & Partner Quantyca – IKN CDO 2021

Slide
Free
30/06/2021

Ripartire dai dati ponendo le integrazioni al centro della propria strategia – IKN CDO 2021

Need personalised advice? Contact us to find the best solution!

(Required)
This field is for validation purposes and should be left unchanged.

Join the Quantyca team, let's be a team!

We are always looking for talented people to join the team, discover all our open positions.

SEE ALL VACANCIES