Presented By O'Reilly and Cloudera
Make Data Work
22–23 May 2017: Training
23–25 May 2017: Tutorials & Conference
London, UK

GDPR, data privacy, anonymization, minimization... oh my!

Steven Touw (Immuta)
12:05–12:45 Wednesday, 24 May 2017
Law, ethics, governance
Location: Capital Suite 14
Level: Intermediate
Average rating: 4.17 (12 ratings)

Who is this presentation for?

  • CIOs, CTOs, data architects, security professionals, data protection officers, data scientists, and data engineers

Prerequisite knowledge

  • A basic understanding of authentication and authorization and database technologies

What you'll learn

  • Learn design principles that enforce information governance from the ground up
  • Understand how to establish a strategy to tackle the challenges associated with data privacy while still enabling analytics within your organization


In this new world order, data collection must come with a corporate responsibility to protect data. Recently, society has influenced policy, leading to some very rigidly defined data privacy control legislation, such as the EU Data Protection Regulation (aka GDPR), the Russian federal law on personal data, and the German Bundesdatenschutzgesetz (BDSG).

GDPR is not just a slap on the wrist. A breach or misuse of data may engender a fine of 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year (whichever is greater). So what does all this mean? Enterprises must begin to separate security and privacy. Encryption, defensive cyber-controls, etc. are security policies. Privacy is a data management problem with a business process wrapped around it that culminates in an information governance strategy for an organization.

A well-built governance strategy creates a workflow for the creation of advanced analytics with data privacy at the core of the design. Designing models and analytics and then going back to add data privacy controls is much, much more difficult and sometimes impossible—and at the least very risky.

Steven Touw tackles the anti-patterns and best practices for a data architecture that helps answer these questions through technology, examining how to design your data and analytics architecture to keep your data science teams delivering results legally.

Topics include:

  • How to design models on top of regulated data without risking violating regulation, the privacy of the consumer, or having to spend a lot of time writing custom controls into your code
  • How to deploy models that run on top of data in which the policies on the data are constantly changing
  • How to audit data usage granularly to include justifications around access
  • An overview of anonymization strategies that can be used to protect individual information and how they are viewed by the law(s)

Steven Touw


Steve Touw is the cofounder and CTO of Immuta. Steve has a long history of designing large-scale geotemporal analytics across the US intelligence community, including some of the very first Hadoop analytics, as well as frameworks to manage complex multitenant data policy controls. He and his cofounders at Immuta drew on this real-world experience to build a software product to make data security and privacy controls easier. Previously, Steve was the CTO of 42six (acquired by Computer Sciences Corporation), where he led a large big data services engineering team. Steve holds a BS in geography from the University of Maryland.

Comments on this page are now closed.


Steven Touw | CTO
25/05/2017 14:09 BST

I just sent them off to the organizers and I hope to see them posted soon. Thanks for your interest.

Alexandre Berger
25/05/2017 9:51 BST

Hello Steven, do you plan to share the slides?
By the way, interesting presentation.

Steven Touw | CTO
24/02/2017 1:41 GMT

Hi all, please feel free to post some questions here prior to the talk. I’ll be checking back periodically to answer them.