Tide, a mobile-first financial platform based in the U.K., offers fast, intuitive service to small business customers. Data is crucial to Tide, having supported its incredible growth to nearly 500,000 customers in just eight years. As a regulated financial platform, the company sought to improve its compliance with GDPR’s right to erasure provision, commonly known as the “right to be forgotten.”
Two months of work to improve GDPR compliance
Tide had little of the technical debt or legacy technology that typically burdens traditional financial services organizations. However, it was dealing with a large volume of data and needed to scale quickly. When its data science team lead Hendrik Brackmann came on board, the team reported to Finance and had just two employees. It was Brackmann’s job not just to grow the team, but to choose the right data platform technology.
Tide faced another challenge: GDPR compliance. Supporting the GDPR’s right to erasure proved a daunting task. Compliance was only semi-automated and involved manual and potentially error-prone remediation. Every organization had different opinions about what fields constituted personally identifiable information (PII) under GDPR. Tide wanted a one-click deletion process that worked across Snowflake, Snowflake’s upstream sources, and the other analytics and data transformation tools in its stack.
Tide also needed an efficient way to classify all of its PII, but initial estimates showed it would be a challenging task. Michal Szymanski, Tide’s Data Governance Manager, said, “If we were very diligent and did it for every schema, then it would probably be half a day apiece. So half a day, 100 times.” In other words, it would take Tide two months to classify all of its sensitive data.
Snowflake & Atlan: Powering visibility, trust and automation
The initial goal was to incorporate machine learning at Tide. But as Brackmann said, “It quickly became clear that you can’t realize that if you don’t have a data platform.” Snowflake became the centerpiece of the team’s data platform and a one-stop shop for corporate data.
After years of building up its modern data stack and establishing consensus around GDPR scope, Tide adopted and integrated Atlan to give it a 360-degree view of how data traveled across the organization. Using Snowflake as the organization’s data warehouse meant the team had a single repository for all its data. They then used Atlan to trace PII to its upstream sources. This enabled them to identify the teams who owned the data and work with them on designing a more robust deletion process.
After consulting with Atlan, Tide decided to use Atlan Playbooks to automatically identify, tag and classify data. With items from Snowflake appropriately tagged, Tide could mask PII such as account numbers, email addresses and phone numbers in the Atlan UI. That enabled a diverse set of users, including data engineers, data analysts, data consumers—in fact, anyone in the organization—to find and discover Snowflake data via Atlan while still ensuring customer privacy.
50 days of work reduced to 5 hours
With Snowflake at the center of Tide’s modern data stack, Brackmann quickly grew his team from just two people to 67, empowering them to better support a fast-scaling business. But this rapid growth also meant a rapid growth in data, which complicated compliance efforts.
Fortunately, Brackmann and Szymanski found that Atlan and Snowflake made for a winning combination. Atlan enabled employees at Tide to find and trace the journey of data easily across the company while at the same time simplifying GDPR compliance. Using Atlan Playbooks, Tide reduced the time required to classify all PII from an estimated 50 days to a mere five hours.
Better compliance, sooner
After saving nearly 50 days of work, Tide could now make further improvements to its process far sooner than expected. The team is now building a microservices-based orchestrator to handle personal data-related requests from customers. It also plans to leverage data lineage in Atlan to help anonymize data in accordance with GDPR standards for de-identification and Tide’s data retention obligations as a regulated business.
“Over the last year, we’ve managed to move closer to the business,” said Brackmann. “Being able to create this kind of organizational change is something that I feel very proud of.”
A partnership built for the modern data stack
Learn how your business can drive more visibility, trust, and automation with Atlan and Snowflake.