Blog
Data Platform & Data Management
How To Set Up a GDPR Compliant Data Lake From Scratch – Part 2

How To Set Up a GDPR Compliant Data Lake From Scratch – Part 2

Tim Hattendorf

Tim Hattendorf

2.6.2023

16.1.2025

Data Platform & Data Management
How To Set Up a GDPR Compliant Data Lake From Scratch – Part 2

As we have seen in the previous blog post, we should now have our transformed data in the data lake and have it available in the Glue Data Catalogue. In this blog post, we will first discuss what AWS Lake Formation is and see how we can use it to securely share access to the data.

Table of Contents

What is AWS Lake Formation?

AWS Lake Formation is a fully managed service that makes it easy to set up, secure, and manage a data lake on AWS. With AWS Lake Formation, you can define security and access controls, set up data management and governance or integrate with other AWS services for data processing and analysis.

Some of the benefits of AWS Lake Formation include:

  • Easy set up: Lake Formation simplifies the process of setting up a data lake by making it easy to import databases from within AWS as well as from external sources. It provides several pre-built data connectors, making it easy to get data from various sources such as RDS, DynamoDB, and S3. It is also possible to use an already existing data lake that is set up in S3 for example.
  • Catalog your data: Lake Formation crawls your data sources via Glue to extract the metadata and creates a searchable data catalogue.
  • Manage Access Controls: Lake Formation allows you to manage access to your data in the data lake. It supports fine-grained access controls, which allow you to define who can access which data and at what level of granularity e.g., table, column, row, and cell level. These policies apply to IAM users and roles.
  • Cross account access: Lake Formationsimplifiessharing access to data across different AWS accounts.
  • AWS service integration: Lake Formationalso integrates with AWS Glue, AWS IAM, Amazon Redshift, Amazon Athena, AWS KMS and several other services.

To get an overview of how AWS Lake Formation handles requests by users, we can have a look at the diagram below. If a user tries to access data that is handled by AWS Lake Formation, it will return temporary credentials to the user with the access limitations that are defined in Lake Formation.

docs.aws.amazon.com/lake-formation/latest/dg/how-vending-works.html

How can it help us?

As we have seen in the previous blog post, we now have the PII and Non-PII data separated into two different buckets. PII data needs to be handled with upmost care as infringements can be expensive as seen in several countries. To make sure that access to the PII and Non-PII data is regulated, we will use AWS Lake Formation.

First, we need to setup a data lake administrator which is the only user that can grant Lake Formation permissions on data locations and Data catalogue resources to any principal. It is best practice, not to use a user with Administrator Access for that. The policy required for the data lake administrator user is “AWSLakeFormationDataAdmin”. There are also other policies that can be added to the user e.g., if you want to do cross-account data sharing.

Sobald der/die User:in eingerichtet wurde, müssen wir die S3-Speicherorte in Lake Formation registrieren. Dazu gehen wir in den Abschnitt „Data Lake locations“ und rOnce we have the user set up, we need to register the S3 locations in Lake Formation. To do that, we navigate to the “Data Lake locations” section in Lake Formation and register one location for each bucket. This is necessary so that permissions to access the data in the bucket are handled by Lake Formation and not the user´s permissions.

Lake Formation options for granting to principals

Now that we have everything set up, we can have a look at how to change the permissions. There are several ways to do this with varying granularity. We can set permissions on the database, table, column, row, or tag level (see screenshot below). With data filters (see screenshot below on the right), we can define columns that should be included or excluded when added to a permission. Here, it is also possible to use a where-clause to filter on the row level. Using tags to manage permissions, gives us the option to easily grant groups permissions for certain data that have that tag. If you want to find out more about all the options for permissions, check out the documentation (AWS LakeFormation Documentation). Furthermore, AWS already announced that it will now support centralized access control to the Redshift with AWS LakeFormation (AWS Announcement).

Table Permissions that can be defined

In this post, we illustrated what Lake Formation can be used for and how it is beneficial for our use case. We have now set up the config bucket, the crawlers, the ETL jobs, the PII and Non-PII buckets, and AWS Lake Formation to manage all the permissions. We have also seen the granularity of the permissions that we can grant.

In the next blog post, we will discuss how the framework becomes further GDPR compliant by implementing the “right to be forgotten” and the “right of access”. work. If you have any questions, please contact us!

Read part 3

Who is b.telligent?

Do you want to replace the IoT core with a multi-cloud solution and utilise the benefits of other IoT services from Azure or Amazon Web Services? Then get in touch with us and we will support you in the implementation with our expertise and the b.telligent partner network.

Get to know us
The top of an office building on a bright day

Want To Learn More? Contact Us!

Helene Fuchs

Your contact person

Helene Fuchs

Domain Lead Data Platform & Data Management

Pia Ehrnlechner

Your contact person

Pia Ehrnlechner

Domain Lead Data Platform & Data Management

Related Posts

Parallel Execution of SQL Statements in LUA Scripts
Parallel Execution of SQL Statements in LUA Scripts

25.8.2021

9.12.2024

Data Platform & Data Management

Parallel Execution of SQL Statements in LUA Scripts

Exasol is a leading manufacturer of analytical database systems. Its core product is a high-performance, in-memory, parallel processing software specifically designed for the rapid analysis of data. It normally processes SQL statements sequentially in an SQL script. But how can you execute several statements simultaneously? Using the simple script contained in this blog post, we show you how.

Read more
SAP Data Integration Into Microsoft’s Azure Cloud
SAP Data Integration Into Microsoft’s Azure Cloud

22.10.2024

17.1.2025

Data Platform & Data Management

SAP Data Integration Into Microsoft’s Azure Cloud

General Requirements of Enterprises

Many companies with SAP source systems are familiar with this challenge: They want to integrate their data into an Azure data lake in order to process them there with data from other source systems and applications for reporting and advanced analytics. The new SAP notice on use of the SAP ODP framework has also raised questions among b.telligent's customers. This blog post presents three good approaches to data integration (into Microsoft's Azure cloud) which we recommend at b.telligent and which are supported by SAP.

First of all, let us summarize the customers' requirements. In most cases, enterprises want to integrate their SAP data into a data lake in order to process them further in big-data scenarios and for advanced analytics (usually also in combination with data from other source systems). 

Read more
Data Platform Migration
Data Platform Migration

23.7.2024

17.1.2025

Data Platform & Data Management

Data Platform Migration

As part of their current modernization and digitization initiatives, many companies are deciding to move their data warehouse (DWH) or data platform to the cloud. This article discusses from a technical/organizational perspective which aspects areof particularly important for this and which strategies help to minimize anyrisks. Migration should not be seen as a purely technical exercise. "Soft" factors and business use-cases have a much higher impact.

Read more
chevron left icon
Previous post
All posts
Next post
chevron right icon

No previous post

No next post

Data Platform & Data Management
Tips & Tricks: The Repeat Loop as Performance Killer
New Feature: Option "Only Transfer Modified Files" In arcplan Administrator
Tips & Tricks: Removing Double Entries from a Column/Row
Tips & Tricks: Closing an Application from within the Application
Tips & Tricks: Checking Whether an Object Is There
Tips & Tricks: Increasing the Speed of Master Data Requests in SAP BW
Tips & Tricks: V-Lookup - Allocating Information Via Contingency Tables
New Feature: Function REPLACEEXPRESSION()
Best Practice: Do Not Extend Arrows Across Levels
Tips & Tricks: Switching Between Data Sources
Best Practice - arcplan Development Guidelines - Designing Documents
Tips & Tricks: READMETADATA() and PLACEMETADATA()
Instruction: Installing and Configuring IIS7
Intelligent Cross- & Up-Selling by the Use of Next Best Activity
Tips & Tricks: Arcplan and the Libraries
PROSET – Productivity Increase by Service Experience Management
Tips & Tricks: arcplan Background Report to connect to Databases
Increasing Campaign Profitability by Introducing SAS Marketing Optimization
Retention & WinBack
Forward-Looking Campaign Management in Online Gaming
Customer Intelligence in Existing Customer Management
Cross-Selling And Up-Selling Strategies For Call Centers
Tips & Tricks: Individual Selection as Performance Optimizer or Killer
Efficient CRM Success Measurement in Case of a ‘Video on Demand’ Supplier
Best Practice in CRM: Evaluation of a Sustainable Campaign Management System in the Financial Sector
arcplan Meets Hichert: Uniform Scaling Of Graphics
Proset - Research Project
Location Based Advertising
Old Meets New: Client Technologies for arcplan 8
MRM-Increasing Efficiency in Consultancy Services
arcplan Meets Hichert – Graphics With Outline Bars
Selfmade SPSS Frequency Analyses in R
Data Quality Management Remains Decisive Prerequisite for CRM
The Monty Hall Problem in 10 Python Lines
Looking Into the Data Science Toolbox
Roll-Out-Strategies for Campaign Management - Think Global, Act Local
Reformatting SPSS Value Labels for Output
Standardization of a Success Control Process in an Insurance Company
Calculating Wall Surface Areas in R on the Basis of Vectors
arcplan and its new Function "Assign"
Missing Values in Logistic Regression
The Customer Lifetime Value: Popular Errors and Unvarnished Truths
Campaign Management in the Mobile Engagement Environment
R Tips and Tricks - Part 1
Tips & Tricks: Transaction-Secured Inputs
Howto: Easy Web Scraping With Python
Instructions: HICHERT (IBCS) Out Of The Box
Uplift Modelling as Addition to Classic Response Modelling
Howto: Splitting Files With Standard Python Scripts
High Performance (Mental) Exercise With R
Howto: Connecting Cells by Means Of arcplan 8.6
Time Series Analysis Made Easy – Completely Without Analysis Tool
A Basket Full of Snakes: Python Modules for Data Science
Boosting For The Naive Bayes Classifier
Best Practice: Campaign Implementation
From SAS to R and back: Transfering SAS data Into an R System
Development Of A Powerful Data Science Team
Best Practice for SQL-Statements in Python
Handling SCD With the Oracle Data Integrator 12
The Requirement For Customer-Oriented Data Warehousing And The Opportunities It Creates
The Advanced Data Store Object and Its Tables
The Local Connection Arrow by Longview BI (formely arcplan)
How Stationary Trade Catches up to Online Shops With PoS Tracking Data
Analysis or App – What Does a Data Science Team Actually Produce?
The Highlights of Spark Summit 2016 in Brussels
SAP BW on HANA – Does a Cache Still Make Sense in ABAP Routines?
Enterprise Data Warehouse and Agile SQL Data Mart – SAP BW on HANA can do both – the “Mixed Scenario”
High Performance Lookups in BW Transformations in Practice - Introduction
SAP HANA – No More Memory? Implement Early Unload!
High Performance Lookups in BW Transformations - The Use of Internal Tables vs. SELECTS From the HANA Database
High Performance Lookups in BW Transformations - Selecting the Right Table Type
How Can I Slow Down HANA?
Performance Lookups in BW Transformation – Finding the Relevant Records
The Effective Use of Partition Pruning for the Optimisation of Retrieval Speed (Part 1)
Use Of The SCD Methodology By The Oracle Data Integrator 12
Performance Lookups in BW Transformations - Initial Aggregation of Selected Data
Data Warehouse Automation (Part 1)
Caret: A Cornucopia of Functions For Doing Predictive Analytics In R
The Effective Use of Partition Pruning for the Optimisation of Retrieval Speed (Part 2)
Staging Area: Potential in Comparison to Source System
The Effective Use of Partition Pruning for the Optimisation of Retrieval Speed (Part 3)
SAP HANA – Early Unload – Automate & Save Memory
How To: Who Should Check ETL Applications?
What is SAP BW/4 HANA And How Does It Differ From SAP BW on HANA 7.5?
CompositeProvider and a “Hidden” Function
Howto: Cell Input Control for Planning Solutions in Longview
Generating external HANA views
Absolutely Not Untyped!
Industry 4.0 and Business Analytics - More Room for Innovative Power
Next Best Activity in Energy Supply: Challenges and Opportunities At the Inbound Call Center
How-To: CSV to Kafka With Python and confluent_kafka (Part 1)
Three Approaches to Inter Company Coordination in Planning
How-To: CSV to Kafka With Python and confluent_kafka (Part 2)
Snapshot Generation in HR Reporting With ADSOs
7 Factors For Successful Introduction Of Marketing Automation
Data Warehouse Automation (Part 2)
The Basic Ideas behind Recommendation Systems
Snowflake Cloud DB and Python: “Two Good Friends”
Best Practice: Working With Paths In Python (Part 1)
Very Best Practice: Working With Paths In Python - Part 2
Tips & Tricks: The Repeat Loop as Performance Killer
New Feature: Option "Only Transfer Modified Files" In arcplan Administrator
Tips & Tricks: Removing Double Entries from a Column/Row
Tips & Tricks: Closing an Application from within the Application
Tips & Tricks: Checking Whether an Object Is There
Tips & Tricks: Increasing the Speed of Master Data Requests in SAP BW
Tips & Tricks: V-Lookup - Allocating Information Via Contingency Tables
New Feature: Function REPLACEEXPRESSION()
Best Practice: Do Not Extend Arrows Across Levels
Tips & Tricks: Switching Between Data Sources
Best Practice - arcplan Development Guidelines - Designing Documents
Tips & Tricks: READMETADATA() and PLACEMETADATA()
Instruction: Installing and Configuring IIS7
Intelligent Cross- & Up-Selling by the Use of Next Best Activity
Tips & Tricks: Arcplan and the Libraries
PROSET – Productivity Increase by Service Experience Management
Tips & Tricks: arcplan Background Report to connect to Databases
Increasing Campaign Profitability by Introducing SAS Marketing Optimization
Retention & WinBack
Forward-Looking Campaign Management in Online Gaming
Customer Intelligence in Existing Customer Management
Cross-Selling And Up-Selling Strategies For Call Centers
Tips & Tricks: Individual Selection as Performance Optimizer or Killer
Efficient CRM Success Measurement in Case of a ‘Video on Demand’ Supplier
Best Practice in CRM: Evaluation of a Sustainable Campaign Management System in the Financial Sector
arcplan Meets Hichert: Uniform Scaling Of Graphics
Proset - Research Project
Location Based Advertising
Old Meets New: Client Technologies for arcplan 8
MRM-Increasing Efficiency in Consultancy Services
arcplan Meets Hichert – Graphics With Outline Bars
Selfmade SPSS Frequency Analyses in R
Data Quality Management Remains Decisive Prerequisite for CRM
The Monty Hall Problem in 10 Python Lines
Looking Into the Data Science Toolbox
Roll-Out-Strategies for Campaign Management - Think Global, Act Local
Reformatting SPSS Value Labels for Output
Standardization of a Success Control Process in an Insurance Company
Calculating Wall Surface Areas in R on the Basis of Vectors
arcplan and its new Function "Assign"
Missing Values in Logistic Regression
The Customer Lifetime Value: Popular Errors and Unvarnished Truths
Campaign Management in the Mobile Engagement Environment
R Tips and Tricks - Part 1
Tips & Tricks: Transaction-Secured Inputs
Howto: Easy Web Scraping With Python
Instructions: HICHERT (IBCS) Out Of The Box
Uplift Modelling as Addition to Classic Response Modelling
Howto: Splitting Files With Standard Python Scripts
High Performance (Mental) Exercise With R
Howto: Connecting Cells by Means Of arcplan 8.6
Time Series Analysis Made Easy – Completely Without Analysis Tool
A Basket Full of Snakes: Python Modules for Data Science
Boosting For The Naive Bayes Classifier
Best Practice: Campaign Implementation
From SAS to R and back: Transfering SAS data Into an R System
Development Of A Powerful Data Science Team
Best Practice for SQL-Statements in Python
Handling SCD With the Oracle Data Integrator 12
The Requirement For Customer-Oriented Data Warehousing And The Opportunities It Creates
The Advanced Data Store Object and Its Tables
The Local Connection Arrow by Longview BI (formely arcplan)
How Stationary Trade Catches up to Online Shops With PoS Tracking Data
Analysis or App – What Does a Data Science Team Actually Produce?
The Highlights of Spark Summit 2016 in Brussels
SAP BW on HANA – Does a Cache Still Make Sense in ABAP Routines?
Enterprise Data Warehouse and Agile SQL Data Mart – SAP BW on HANA can do both – the “Mixed Scenario”
High Performance Lookups in BW Transformations in Practice - Introduction
SAP HANA – No More Memory? Implement Early Unload!
High Performance Lookups in BW Transformations - The Use of Internal Tables vs. SELECTS From the HANA Database
High Performance Lookups in BW Transformations - Selecting the Right Table Type
How Can I Slow Down HANA?
Performance Lookups in BW Transformation – Finding the Relevant Records
The Effective Use of Partition Pruning for the Optimisation of Retrieval Speed (Part 1)
Use Of The SCD Methodology By The Oracle Data Integrator 12
Performance Lookups in BW Transformations - Initial Aggregation of Selected Data
Data Warehouse Automation (Part 1)
Caret: A Cornucopia of Functions For Doing Predictive Analytics In R
The Effective Use of Partition Pruning for the Optimisation of Retrieval Speed (Part 2)
Staging Area: Potential in Comparison to Source System
The Effective Use of Partition Pruning for the Optimisation of Retrieval Speed (Part 3)
SAP HANA – Early Unload – Automate & Save Memory
How To: Who Should Check ETL Applications?
What is SAP BW/4 HANA And How Does It Differ From SAP BW on HANA 7.5?
CompositeProvider and a “Hidden” Function
Howto: Cell Input Control for Planning Solutions in Longview
Generating external HANA views
Absolutely Not Untyped!
Industry 4.0 and Business Analytics - More Room for Innovative Power
Next Best Activity in Energy Supply: Challenges and Opportunities At the Inbound Call Center
How-To: CSV to Kafka With Python and confluent_kafka (Part 1)
Three Approaches to Inter Company Coordination in Planning
How-To: CSV to Kafka With Python and confluent_kafka (Part 2)
Snapshot Generation in HR Reporting With ADSOs
7 Factors For Successful Introduction Of Marketing Automation
Data Warehouse Automation (Part 2)
The Basic Ideas behind Recommendation Systems
Snowflake Cloud DB and Python: “Two Good Friends”
Best Practice: Working With Paths In Python (Part 1)
Very Best Practice: Working With Paths In Python - Part 2
Introduction To Continuous Integration in the Development of Data Warehouse Systems
BCBS 239 - An Opportunity for Efficient Business Intelligence in the Banking Sector
Customer Data Platform - The New Silver Bullet in Marketing?
Customer Data Platform - An Overview of Categories
SAP BW - Optimization With Distinct Count, or “How To Count My Clients”
Extending On-Premises Data Solutions to Snowflake on Azure
Customer Data Platforms – A Classification
Customer Data Platforms - Evaluation As A Success Factor
SAP BusinessObjects 4.2 SP07 and a Look Into the Future
Reinforcement Learning, Bayesian Statistics And Tensorflow Probability: A Child's Game (part 1)
SAP BW Query - Efficient Use of Filters With Large Data Volumes, Or: “How Do I Speed Up the Filters?”
Data Privacy in DWH
Neural Averaging Ensembles for Tabular Data With TensorFlow 2.0
Reducing Complexity in Campaign Management by Marketing Resource Management
Data Preparation for Qlik Sense and Tableau
Recommender Systems – Part 3: Personalized Recommender Systems, ML and Evaluation
Data Migration With Exasol – From DWH To High-Performance Cloud Platform
Data Science for Kids: How To Win at “Guess Who?”
Visualizations in Reports (And What Needs To Be Considered Here)
Three Basics of BI Quality Management
Python in Power BI
Martech Capabilities - Tell Me Where You Stand and I’ll Tell You What You Need
IoT Adoption Framework: 6 Steps for Successful IoT Projects
The Do’s and Don’Ts of Selecting a Marketing Cloud – Finding the Right Tool
Martech Architecture: A Map In The Technology Labyrinth
The b.telligent Azure Academy: How I Became an Azure Pro in Four Months
Blueprint: Cloud Data Platform Architecture – Part 1: Ingestion
Blueprint: Cloud Data Platform Architecture – Part 2: Data Lake
Blueprint: Cloud Data Platform Architecture – Part 3: Analytics
Iot Readiness Assessment - Is Your Company Ready for the Internet of Things?
Hints and Tips for Faster Tableau Data Sources
The Essence of Data – Distillation in SQL
Parallel Execution of SQL Statements in LUA Scripts
The Lakehouse Approach – Cloud Data Platform on AWS
The SAP Analytics Cloud – Story vs. Analytics Designer
How To Install Ray Under Windows
IoT Ingestion With AWS Greengrass
Power Bi With Large Data Quantities: Three Pragmatic Tips
Power BI or Tableau? A Comparison From Developer’s Point of View
IoT Data Processing - Part 1: Azure Synapse Analytics
Iot Data Processing – Part 2: Azure Stream Analytics & Functions
SAP Analytics Cloud – Live vs. Import Connection
Sap Analytics Cloud – User and Operating Concept
Quantile Regression With Gradient Boosted Trees
Coordinate Goals, Strategy, Organization and Governance
Data Platforms: Complete, Performant and Secure
Internationalization with Power BI
Implementing a Key Figure Dimension in Power BI
End of Support for SQL Server 2012: 12.07 Is the Last Day!
SAP BW Bridge – SAP Data Warehouse Cloud
Vertex AI Pipelines - Getting Started
Use of Private Python Packages in Vertex AI - 3
LightGBM On Vertex AI
Tableau Sets – Create and Use Data Subsets Dynamically
Do You Still Regulate Data or Are You Already Democratizing?
Marketing Resource Management: An Overview of Providers
Automate Marketing Workflows With MRM Software
Performance Insights via the MRM Monitoring Component
Deliver Projects Faster With Python Ibis Analytics
SAC – User-Centred Visualization of Data With Custom Widgets
Computer Vision 101: How Machines Learn To See
Data Mesh: b.telligent ́s Considerations and Service Portfolio
How To Set Up a GDPR Compliant Data Lake From Scratch – Part 1
How To Set Up a GDPR Compliant Data Lake From Scratch – Part 2
How To Set Up a GDPR Compliant Data Lake From Scratch – Part 3
Planning and Data Strategy – How Compatible Are They?
Open Source as an Alternative to Google's IoT Core
Large Language Models – An Overview Of The Model Landscape
Sizing a Redshift Database for a Cloud DWH
Brief Guide to Using Generative AI and LLMs
Microsoft Fabric: Migration - Advantages & Chances?
Sap Analytics Cloud – The New Optimized Story Experience
The Digital Product Passport - The Opportunity for Companies!
Azure IoT Operations – New Opportunities with Kubernetes
Automated Image Processing: A Standard Architecture
AWS-Based IoT Kick-Starter Platform
Build Bridges: SAP BW Meets Microsoft Power Bi
How Mature Is Your ML Approach?
Data Platform Migration
Efficient Distance Joins in Polars
Sizing and Scaling Azure AI Search
Fabric Security: Potentials & Limits of the Network Setup
SAP Data Integration Into Microsoft’s Azure Cloud
Fabric Security: More Than Just Private Endpoints?
Extending AWS Redshift’s Data Processing With AWS Compute Services