Business intelligence and GDPR compliance

Looker is a strong ally for any organization using business intelligence (BI), analytics or developing AI/ML capabilities. Using Looker can present business opportunities to appeal to consumers worldwide as a champion of privacy through GDPR-compliant services and products.

What is the GDPR and its requirements?

The GDPR is a set of regulations designed to protect EU individuals’ personal data and expand their rights to control its use. The core requirements compel companies to establish and maintain effective data governance through the data lifecycle - the people, processes and technologies accessing data.

Please note: The GDPR is a complex set of regulations, and every company’s approach to GDPR compliance will be unique. Companies should work with their own advisors to determine how best to comply with the GDPR requirements. Learn more about how Looker complies with the GDPR.

When privacy is done right, that knowledge will bring customers confidence and trust in the vendors who demonstrate respect for their data. Privacy is good for business―and for innovation.

Barbara Lawler, Chief Privacy & Data Ethics Officer, Looker

Looker’s architecture readiness for GDPR compliance

With Looker, you are implementing a simpler, transparent architecture for data processing that can comply with GDPR requirements, while providing the necessary modern data capabilities and crucial insights to drive business success. Looker’s flexible architecture integrations with current and future technologies will scale to meet your evolving needs for years to come.

Reduce data sprawl with data centralization

Looker’s ‘in-database processing’ design directly connects to any SQL-compliant database such as BigQuery, AWS, Snowflake, and many more, while fully leveraging your investment in their performance capabilities. No data is extracted, copied or moved from the database, which helps maintain integrity and greatly reduces data duplication and the risk of unauthorized access or a data breach.

Simplify data governance and access

At the core of Looker’s data platform is a robust modelling layer which provides a single point of fully-governed data access. Granular permissions can restrict data access all the way down to a column or row, ensuring users see only the data they are granted access to.

Proactively monitor data, audit access and breaches

With Looker working in tandem with your database, it’s far easier to track exactly who accessed what data and when. Real-time alerts can spotlight unusual database activity for faster responses. Looker may be able to assist in identifying the source, scope, and breadth of a breach in order to report it to regulators and individuals within the required time frame.

Security and privacy first with Looker

Security and privacy are at the core of GDPR and Looker’s data platform. Looker is equipped with enterprise-grade feature sets to help with GDPR compliance, including two-factor authentication, AES encryption, and more.

Transparency for data science and AI/ML workflows

Looker’s modelling layer and API can be automated to retrieve, anonymize and deliver data with auditable logic to AI/ML tools, without changing data in the underlying database.

Looker’s product readiness for GDPR compliance

Numerous product features assist with data management, setup, and processes in meeting GDPR requirements. For a more extensive introduction to the GDPR, a checklist of requirements and expanded point-by-point interpretation and explanation of how Looker can help achieve GDPR compliance, download our whitepaper ‘What GDPR Means for Your Business’s Data Strategies’.

Data accuracy

Your data model is global, which allows users to access the same underlying data using the same approved business logic. Borrowing from software development best practices, your model is version-controlled in Git, producing a record of when metric definitions have changed, who changed them, and why, supporting provable data accuracy and integrity.

Data retention

Proactive alerting allows administrators to automatically receive reports on data that will soon expire, or to set webhooks that create automated processes for handling it. Looker’s caching layer can be configured to optimally meet your version security controls and performance.

Data erasure

Looker’s UI or API can be used to locate personal data in a centralized database. This can simplify its documentation and facilitate a more precise erasure of personal data by request or expiration. Our engineers built a deletion capability that allows the administrator to delete a Looker user’s account data.

Data protection audit capabilities

Data audits can be easier with Looker, since there can be one access point for users to work with your business’ data. When data is centralized, it’s possible only one version of that data could exist. This makes it easier to track who accessed the data, and when.

Data governance and privacy

Looker has user and role-based permissioning that allows each authenticated user to access only the data appropriate for them. Data models can be designed so that a user with no assigned access defaults to no data access, thus eliminating weaknesses in the data supply chain.

Data portability

Looker’s UI or API can be used to locate personal data in a centralized database and deliver it in a variety of commonly used electronic formats. Looker has built an internal engineering process to anonymize data for downstream processing.

Data encryption and key management

Looker uses hashing, encryption, and key management controls to protect your data both at rest and in transit. The Looker SOC 2 Type 2 report can be made available on request to potential and current customers under an NDA.

Data hosting and international data transfers

Looker provides clients with a variety of cloud hosting options to help meet GDPR compliance standards. We host your platform in a secure, single-tenant cloud in several geographies and cloud hosting providers around the world.

Additionally, Looker participates in the E.U. - U.S. Privacy Shield and the Swiss - U.S. Privacy Shield frameworks and applies the E.U. Standard Contractual Clauses (SCCs) for data transfers outside of the E.U., U.K., and Switzerland.

Looker’s company readiness for GDPR compliance

Our data security program is designed to ensure that the policies, controls and processes are appropriate to the type of personal data and data processing collected. You can find our security policy on our product security page, in addition to Looker’s vendors and subprocessors on the GDPR FAQ pages.
