Automating Regulatory-Compliant Data Handling in Finance: A Case Study

The financial and insurance sector handles vast amounts of sensitive data. Compliance with banking and data privacy-focused regulations has emerged as a critical requirement, which not only minimizes the risk of data breaches and unauthorized access, but also enhances transparency, accountability, and the overall security posture of financial entities.

We describe the implementation of a regulatory-compliant data management model at Raiffeisen using Databricks, approved by internal and national regulators in Central and Eastern Europe. The model follows the need-to-know principle throughout the entire data lifecycle, from ingestion to product.

The model is structured around a “scope” concept, which specifies data access rights and resource permissions within Databricks and the AWS platform. We will outline the migration to Unity Catalog, leveraging its functionalities and Databricks’ APIs to fully automate the adoption of scope-based data management models throughout the organization.