In today’s data-driven world, protecting user privacy and complying with regulatory requirements are paramount for businesses across industries. The General Data Protection Regulation (GDPR) stands as a cornerstone of data protection laws, setting stringent standards for the collection, processing, and storage of personal data. Among its key provisions, the GDPR Right to Erasure, also known as the Right to be Forgotten, holds significant implications for businesses worldwide. Apache Ozone 1 is a highly scalable, secure and consistent distributed system for Big Data Analytics and Cloud Native applications. Recognizing the criticality of GDPR compliance and the importance of enabling businesses to adhere to these regulations seamlessly, Apache Ozone introduced its groundbreaking GDPR Right to Erasure feature2.
We spoke to the original contributor of this GDPR Right to Erasure feature – Dinesh Chitlangia, a distinguished expert in the field of Distributed Systems and Big Data Analytics with over a decade of industry experience. While working at Cloudera, Dinesh architected and developed a custom encryption method to encrypt the data blocks and when data deletion was requested, the encryption/decryption keys would be destroyed instantly, thereby rendering the actual data blocks unreadable and being in compliance with GDPR. Whereas in a traditional file system, the actual unencrypted data blocks can still be accessed for several hours/days even after the file is assumed to be deleted. This leaves room for data theft and security concerns. Further, this feature eliminates the need for having a third party software for compliance needs, making Apache Ozone the first distributed system with built-in GDPR compliance. This ensured the organizations do not have to rely on a third party software for their compliance needs. Dinesh Chitlangia had delivered a preview of this feature in his talk at the ApacheCON NA 2019 – Apache Software Foundation’s annual technical conference for North America. For over a decade, Dinesh Chitlangia has helped major businesses optimize their data pipeline, use big data analytics for data driven growth and expansion.
Can you tell us about the significance of GDPR compliance for businesses in today’s digital landscape?
Dinesh: GDPR compliance is paramount for businesses operating in the European Union(EU) or handling the personal data of EU citizens. Non-compliance can result in severe financial penalties, undermining trust and damaging reputation. It’s not just about adhering to regulations; it’s about safeguarding data privacy and fostering customer trust.
So how is the European Union’s GDPR relevant to the United State of America?
Dinesh: Even though GDPR is a regulation established by the European Union, it has extraterritorial reach, meaning it applies to businesses outside the EU that process the personal data of EU residents. This means that any US business that deals with EU customers or clients must comply with GDPR requirements. Aside from the legal obligation, financial penalty for non compliance, it provides a competitive advantage by boosting data privacy and risk management approach. Lastly, compliance with GDPR often overlaps with other privacy regulations and standards, both at the federal and state levels in the US (such as the California Consumer Privacy Act – CCPA). Aligning with GDPR requirements can streamline compliance efforts and ensure consistency across different regulatory frameworks. Some popular examples for GDPR violations, specifically, pertaining to the GDPR Right to Erasure feature are Clearview AI Inc was fined EUR 20 Million in October 2022 as they violated Article 17 of the GDPR which grants the Right to Erasure. Similarly, Marriott International, the popular luxury hotel group was fined EUR 20 Million in 2020, Google was fined EUR 10 Million in 2022 and many more.
If organizations used Apache Ozone or a data platform like Cloudera’s CDP which includes Apache Ozone, they would have GDPR Right to Erasure compliance right out of the box and avoid massive financial penalties while safeguarding data privacy.
What is the GDPR Right to Erasure, and why is it critical for businesses to address this requirement?
Dinesh: The GDPR Right to Erasure, also known as the Right to be Forgotten, grants individuals the right to request the deletion or removal of personal data when there is no compelling reason for its continued processing. Compliance with this requirement is essential for businesses to respect user privacy and ensure data integrity. Failure to comply with this requirement can result in severe financial penalties, with fines reaching up to €20 million or 4% of the company’s global annual turnover, whichever is higher. For businesses operating in the European Union (EU) or handling the personal data of EU citizens, ensuring GDPR compliance is not just a legal obligation but also a strategic imperative.
How does the Apache Ozone GDPR Right to Erasure feature assist businesses in complying with the GDPR Right to Erasure?
Dinesh: Apache Ozone, an open-source distributed object store built for massive scalability and performance, has long been a staple in the data storage landscape. With the introduction of Apache Ozone GDPR Right to Erasure feature, it takes a giant leap in empowering businesses to easily identify and delete personal data stored within Apache Ozone clusters, consequently being compliant. Apache Ozone became the first distributed system to have built-in GDPR compliance support, eliminating the need for 3rd party software for compliance needs. By integrating robust data deletion mechanisms that can guarantee data deletion, Apache Ozone streamlines compliance efforts, minimizing operational overhead and reducing the risk of non-compliance.
What are the benefits of leveraging the Apache Ozone GDPR Right to Erasure feature for businesses?
Dinesh: By enabling businesses to effectively manage and delete personal data in accordance with GDPR requirements, Apache Ozone enhances trust and transparency with customers. Moreover, by reducing the risk of GDPR violations and associated penalties, Apache Ozone helps businesses save valuable resources that can be redirected towards innovation and growth initiatives.
How does the Apache Ozone GDPR Right to Erasure feature contribute to the overall data privacy landscape?
Dinesh: The Apache Ozone GDPR Right to Erasure feature represents a significant advancement in data privacy protection, offering businesses a powerful solution for ensuring GDPR compliance. By integrating GDPR Right to Erasure capabilities directly into its storage infrastructure, Apache Ozone empowers businesses to navigate regulatory requirements with confidence, safeguarding user privacy and mitigating financial risks. Further, as this feature is built-in, businesses do not have to spend on a 3rd party licensed software to achieve this compliance. This eliminates the financial burden and complexity that comes with integrating a 3rd party software.
In your opinion, how do you foresee the impact of the Apache Ozone GDPR Right to Erasure feature on businesses in the future?
Dinesh: Apache Ozone GDPR Right to Erasure feature is becoming increasingly essential for businesses seeking to maintain compliance with evolving data protection regulations. As data privacy continues to gain prominence on the global stage, solutions like Apache Ozone GDPR Right to Erasure feature will play a crucial role in enabling businesses to uphold the highest standards of data protection, foster customer trust, and mitigate regulatory risks.
In conclusion, Apache Ozone’s GDPR Right to Erasure feature represents a significant milestone in the realm of data storage, offering businesses a powerful solution for ensuring GDPR compliance and protecting user privacy. By integrating GDPR Right to Erasure capabilities directly into its storage infrastructure, Apache Ozone GDPR Right to Erasure feature empowers businesses to uphold the highest standards of data protection, mitigate regulatory risks, and safeguard user privacy, all while driving operational efficiency and cost savings by mitigating the risk of financial penalties uphold the trust of customers in an increasingly data-centric world.
2 https://issues.apache.org/jira/browse/HDDS-2012
Apache, Apache Ozone, the Apache Ozone logo, are trademarks of The Apache Software Foundation.