Teradata Passes GDPR Audit for Cloud Service

I’m pleased to announce that Teradata IntelliCloud – our as-a-service offering for analytics at scale – has been successfully vetted for compliance with the General Data Protection Regulation (GDPR).
 
GDPR readiness for IntelliCloud applies to all our as-a-service deployment options: Microsoft Azure, Amazon Web Services, and Teradata Cloud (which is Teradata infrastructure in Teradata data centers).
 
What exactly is GDPR, you ask? According to the internet’s most popular resource for crowd-sourced information (Wikipedia), GDPR is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas.
Plain and simple, GDPR aims to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. For many companies, complying with GDPR for ALL customers regardless of location or country of origin is often the preferred approach for dealing with data protection and privacy rather than having a patchwork of policies that differ by geography, which can be difficult to manage.
 
Truth be told, we achieved our compliance milestone back in the May 2018 timeframe when GDPR first became enforceable. You may recall the flurry of news articles from that time when GDPR enforcement went into effect.
 
Why was there such a GDPR hubbub back then? Well, in some cases, violators of the GDPR may be fined up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater.
 
Given Teradata’s 2017 fiscal year revenue of $2.16B, a worst-case fine of 4% would be about $86.4M. Ouch! The potential for such a financial penalty explains why global firms such as Teradata have been taking the regulation so seriously.
 
In fact, the Teradata team spent about six months developing the necessary capabilities, privacy policies, processes to enable the “right to be forgotten” (a key requirement for GDPR), end-user acknowledgement, standard contract language for customers, and training of staff to prepare for the GPDR audit. It was no small set of tasks.
 
And then, after all that preparation, we hosted some visitors – folks who like to snoop around, ask lots of questions, and take plenty of notes. These are people who take this stuff as serious as we do.
 
Who am I talking about? Similar to what we’ve done with many of our other IntelliCloud compliance achievements – such as PCI, HIPAA, SOC 1 and 2, and ISO 27001 – Teradata turned to the (external) auditors at Coalfire, a well-regarded cybersecurity advisory firm, to conduct the validation work required to demonstrate GDPR adherence.
 
Why did we go with an outside firm?
 
Trust. Frankly, it’s one thing to claim compliance (or the ever-present “designed to comply” statement), but it’s an entirely different thing to invest the resources to have an independent, external auditor such as Coalfire to come onsite, review your processes, spot-check your records and logs, interview numerous stakeholders, and assess whether you actually meet the requirements “for realz”.
 
We did so, and we’re very proud about that. We stand behind our claims, and customers can be assured that when they place their trust in Teradata, we won’t let them down.

Why should you care?

Security is often the number one concern of organizations evaluating cloud deployment. As such, we at Teradata feel strongly that it’s important to “put our money where our mouth is” and show the world that we’ve got what it takes to protect customers’ information assets when it comes to cloud security, cloud data protection, cloud data privacy.
 
In fact, we’ve run the numbers and they’re impressive: Teradata invests about $1M annually for external audits to demonstrate compliance with the regulations and guidelines which are most important to our customers.
 
That’s real money, and it shows what we on the extended Teradata cloud team have known all along: this stuff matters, and we’re here to do the job right. If that takes time and investment, then so be it.
 
Bottom line: we care about security, privacy, and compliance in the cloud – and you can take that to the bank.