Looker is a strong ally for any organization using business intelligence (BI), analytics or developing AI/ML capabilities. Using Looker can present business opportunities to appeal to consumers worldwide as a champion of privacy through GDPR- compliant services and products.
The GDPR is a set of regulations designed to protect EU individuals’ personal data and expand their rights to control its use. The core requirements compel companies to establish and maintain effective data governance through the data lifecycle - the people, processes and technologies accessing data.
Please note: The GDPR is a complex set of regulations, and every company’s approach to GDPR compliance will be unique. Companies should work with their own advisors to determine how best to comply with the GDPR requirements. Learn more about how Looker complies with the GDPR.
With Looker, you are implementing a simpler, transparent architecture for data processing that can comply with GDPR requirements, while providing the necessary modern data capabilities and crucial insights to drive business success.
Looker’s flexible architecture integrations with current and future technologies will scale to meet your evolving needs for years to come.
Looker’s ‘in-database processing’ design directly connects to any SQL compliant database such as BigQuery, AWS, Snowflake, and many more, while fully leveraging your investment in their performance capabilities. No data is extracted, copied or moved from the database, which helps maintain integrity, and greatly reduces data duplication and the risk of unauthorized access or a data breach.
At the core of Looker’s data platform is a robust modelling layer which provides a single point of fully-governed data access. The ability to set granular permissions can restrict data access all the way down to a column or row ensures users see only the data they are granted access to.
With Looker working in tandem with your database, it’s far easier to track exactly who accessed what data and when. Real time alerts can spotlight unusual database activity for faster responses. Looker can possibly assist in identifying the source, scope, and breadth of a breach in order to report it to regulators and individuals within the required time frame.
Looker’s modelling layer and API can be automated to retrieve, anonymize and deliver data with auditable logic to AI/ML tools, without changing data in the underlying database.
Numerous product features assist with data management, setup, and processes in meeting GDPR requirements. For a more extensive introduction to the GDPR, a checklist of requirements and expanded point-by-point interpretation and explanation of how Looker can help achieve GDPR compliance, download our whitepaper ‘What GDPR Means for Your Business’s Data Strategies’.
Your data model is global which allows users to access the same underlying data using the same approved business logic. Borrowing from software development best practices, your model is version-controlled in Git, producing a record of when metric definitions have changed, who changed them, and why, supporting provable data accuracy and integrity.
Proactive alerting allows administrators to automatically receive reports on soon expiring data. Or, set webhooks to create automated processes for handling data that soon expires. Looker’s caching layer can be configured to optimally meet your version security controls and performance.
Looker’s UI or API can be used to locate personal data in a centralized database. This can simplify its documentation and facilitates a more precise erasure of personal data by request or expiration. Our engineers built a deletion capability that allows the administrator to delete a Looker user’s account data.
Data audits can be easier with Looker, since there can be one access point for users to work with your business’ data. When data is centralized, it’s possible only one version of that data could exist. This makes it easier to track who accessed the data, and when they accessed it.
Looker has user and role-based permissioning that allows for each authenticated user to only access the appropriate data allowed for them. Data models can be designed that a user with no assigned access can default to no data access, thus eliminating weaknesses in the data supply chain.
Looker’s UI or API can be used to locate personal data in a centralized database and deliver it in a variety of commonly used electronic formats. Looker has built an internal engineering process to anonymize data for downstream processing.
Looker uses hashing, encryption, and key management controls to protect your data both at rest and in transit. The Looker SOC 2 Type 2 report can be made available on request to potential and current customers under a NDA.
Looker provides clients with a variety of cloud hosting options to help meet GDPR compliance standards. We host your platform in a secure, single-tenant cloud in several geographies and cloud hosting providers around the world.
Additionally, Looker participates in the E.U. - U.S. Privacy Shield and the Swiss - U.S. Privacy Shield frameworks and applies the E.U. Standard Contractual Clauses (SCCs) for data transfers outside of the E.U., U.K., and Switzerland.