The General Data Protection Regulation (GDPR) is now a matter of months away.  Vendors of all shapes and sizes are ramping up their GDPR scare stories (e.g. the potential fines) to trigger a response from businesses.

Couchbase is taking a more positive view of GDPR. We view securing our customers’ data as one of the key building blocks for digital activity and digital interactions.

It is important that each and every business takes the necessary steps to ensure their compliance by May 2108 and beyond. However, if your GDPR program is operating in a silo and solely focused on tick box compliance, then your business is missing a trick.  GDPR is really important, but it’s just one of many pieces of regulation that make up the fabric of interacting with customers in an increasingly digital world. It is better to keep an eye on the real challenge and, in fact, the real opportunity that we all want: supporting more digital interactions and transactions.

More Digital Activity

Too often we forget that the ultimate objective of GDPR is actually to enable more digital activity. As one of many European Union initiatives, GDPR is designed to achieve a comprehensive and seamless single digital marketplace across the EU.  

Ticking a compliance box is easy, supporting digital is the challenge.  Customers are constantly demanding exceptional digital experiences from businesses that they engage with as the technology landscape evolves.  Customer preferences and tastes are ever changing within a shifting market and regulatory context.  Regulation is just one moving part of servicing the customer in this new world.

A Contract of Trust

A key part of engaging with customers revolves around trust.  Trust that the data shared will be kept secure, used for specified reasons only, not shared without their consent, etc, etc.  Businesses need to secure customer data not just because the regulation requires it but because ongoing success requires customer trust.  This trust is gained through careful management of the customer experience, including their data.  

Couchbase as a company is no different in needing to maintain this trust with our employees, customers, prospects and users as well.

As recent events continue to remind us, “Trust takes years to build, seconds to break, and forever to repair.” 

Yet Another Regulation

GDPR is a pretty significant piece of legislation on data protection and privacy and the fines are potentially huge!  In reality, it is just another example of regulations that already exist across various markets (PCI for financial services, HIPAA for healthcare, etc). There are similar themes underpinning regulations for securing personal data across the world whether in Europe, the Americas or any other region.

In general, these regulations require businesses to clearly understand and protect the personal information they hold: what it is, where it is, who has access to it, how it is used, how it can be deleted and, in some cases even, how it is gathered.  There are several pieces to protecting data but three key areas stand out:

  • Encryption: Encrypting data is the workhorse of most regulation and ensures data is protected from unauthorized users wherever it may be: at rest and on the move.
  • Access Control: Authentication and authorisation allow fine grained control over who can access the data, under what circumstances and with varying level of privileges (read only, read-write, etc).
  • Auditing: Businesses must be able to assess and report on the status of their environments and the personal information held there.  This is to ensure the appropriate response and remediation in the event of any leakage or breach.

Other aspects of “protecting” data include High Availability and Disaster Recovery, masking/hiding information (pseudonymisation), minimising the amount and type of data collected to what is strictly necessary, and ensuring the physical environments are secure.

Security of data is already a key building block of the Couchbase Data Platform and supports businesses in their efforts to comply with some of the most stringent regulatory standards in the world.


Certainly businesses need to get on the right side of GDPR and any other relevant regulation.  However, the real challenge and the real opportunity is about supporting more digital interactions and transactions.  The engagement database is a central part of delivering exceptional customer interactions in a digital world and security is a core part.  Couchbase already works with companies in some of the most heavily regulated industries and countries in the world.  GDPR is just the latest regulatory challenge in front of us.

See our Ebook: “Don’t Waste Your GDPR Effort on Narrow Compliance” for some tips on the key Dos and Don’ts.


Posted by Perry Krug

Perry Krug is an Architect in the Office of the CTO focused on customer solutions. He has been with Couchbase for over 8 years and has been working with high-performance caching and database systems for over 12 years.

Leave a reply