Products
By Use Cases By Roles
Data Command Center
View
Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

GDPR Compliance for Snowflake – All You Need to Know

Published September 14, 2021 / Updated November 22, 2023

Today organizations collect and analyze vast volumes of data to find business insights and drive higher productivity and revenues. With 4,500+ active customers, Snowflake has become one of the leading cloud data platforms in the world. When using Snowflake, organizations need to ensure that sensitive data in Snowflake is protected from unauthorized access.

Sensitive data is a specific set of personal data that requires additional protection compared to other types of personal data. This is because the breach of sensitive personal data can have severe detrimental effects on data subjects (customers, users, etc.). For example, patient medical records are considered sensitive data under the GDPR. If these medical records are compromised in a data breach, it could seriously affect the data subjects’ health and well-being.

Learn more about What is Sensitive Data & How to Determine it here.

Under the General Data Protection Regulation (GDPR), data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, biometric data, data concerning health are treated as sensitive personal data. The collection and processing of sensitive personal data are allowed only on limited legal grounds. The GDPR imposes several legal requirements on organizations for the protection of personal data too.

Addressing these data obligations with traditional, manual, and static methods is challenging when large volumes are present in data warehouses. To ensure all data obligations associated with sensitive data are met, organizations should consider autonomous techniques for sensitive data intelligence, governance, security, and privacy in their data warehouses such as Snowflake.

Sensitive Data Intelligence - Discover & Classify Sensitive Data in Snowflake at Petabyte Scale

With Securiti, organizations can discover sensitive data to find hundreds of sensitive data elements within Snowflake. Moreover, admins can target specific sensitive data elements such as name, email, phone number, social security number, national ID numbers, and hundreds more. Organizations can even add custom data elements that can discover sensitive data specific to a particular customer or business environment.

Learn more about Sensitive Data Discovery Scanning for the Snowflake Data Cloud.

In GDPR, personal data is any information relating to an identified or identifiable natural person - anything that can help identify an individual, such as first and last names, birth dates, religious beliefs, data concerning health, or financial data. You can learn more about the categories and types of personal data in GDPR here.

Securiti is purpose-built to help organizations meet GDPR compliance when using Snowflake by detecting hundreds of GDPR specific sensitive data elements in structured and unstructured columns within Snowflake.

Privacy Obligations under GDPR

According to the GDPR, both the data controller and processor are required to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, sensitivity level, and impact on individuals. Organizations must conduct a risk assessment, evaluating risks inherent in the processing when deciding on implementing security controls and whether or not they are appropriate for any particular data processing activity.

These security measures may include the following:

The pseudonymization and encryption of personal data;
The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Additional privacy obligations under the GDPR:

Maintain records of data processing activities (RoPA Reports) (Art. 30)
Conduct Data Processing Impact Assessments for high-risk data processing activities (Art. 35)
Implement Breach Management and notification processes (Art. 33 and 34)
Leverage contractual agreements with third parties for the protection of transferred data (Art. 28)
Comply with Cross-border Data Transfer requirements (Art. 44-50)
Fulfill Data Subjects’ Rights (Art. 12-23)

How does Securiti help address Privacy Obligations for GDPR

Discovery and insights into sensitive data is a foundational step to GDPR compliance. As mentioned earlier, several other privacy obligations need to be addressed. Securiti can help assist organizations in complying with these GDPR requirements.

Remediate Security Misconfigurations Automatically:

Securiti monitors security misconfigurations in the Snowflake instance and sets policies that automatically remediate them. For example, Snowflake administrators can discover and enable multi-factor authentication for all users.

In addition to auto-remediation, Snowflake administrators can notify data system owners via email or a service ticket. Admins can track policy violations via owner assignment to ensure any security risks are reviewed and appropriately addressed.

Data Access Governance

Snowflake administrators may be tasked with sharing data sets internally or externally with third-party data processors. For example, when sharing data that contains debit/credit card numbers, Securiti can discover credit card data and mask critical information like credit card numbers, CVC code, date of expiry, etc.

Securiti has several other privacy solutions to build Data Maps, fulfill DSR Rights, meet Breach Notification Requirements, manage User & Cookie Consent, and Assess Internal or Vendor Privacy postures. All of these solutions can help ensure complete GDPR compliance. Find out more by visiting our GDPR Privacy Solutions page.

Conclusion

Snowflake has become a market leader for data processing and analytics, with thousands of customers worldwide. Unfortunately, large data sets that are stored and processed in the Snowflake Data Cloud are susceptible to cyber-attacks because they might contain valuable, sensitive personal information. Securiti for Snowflake can help organizations discover sensitive personal data using powerful automation. The solution also helps organizations implement the proper controls to protect sensitive personal data in the Snowflake Data Cloud with autonomous data intelligence, governance, protection, and privacy.

Authored by Omer Imran Malik

Omer Imran Malik (CIPP/US, CIPM) is a data privacy and technology lawyer with significant experience in advising governments, technology companies, NGOs and legislative think-thanks on data privacy and technology related legal issues and is an expert in modeling legal models for legal technology. He has been a prominent contributor to numerous esteemed publications, including Dawn News, IAPP and has spoken at the World Ethical Data Forum as well.

His in-depth knowledge and extensive experience in the industry make him a trusted source for cutting-edge insights and information in the ever-evolving world of data privacy, technology and AI related legal developments.

Take a
Product Tour

See how easy it is to manage privacy compliance with robotic automation.

Watch a demo

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.