Chapter 13: Compliance Self-Test — Data Vault Foundations

THE BRIEFING

Core

This is a self-assessment. Write each answer the way you would explain it to a colleague or a client.

HOW THIS WORKS

Technical lens — focuses on reasoning, not recitation. Can you explain how you’d implement it and why Data Vault handles it well?

Communication lens — evaluates clarity. Is the answer conversational and consultant-grade, not legalistic?

For each question: write your answer in the textarea, then submit to see the model answer. There are 4 hidden trap questions — they look identical to regular questions until you submit.

IS / IS NOT — Your Role in This Assessment

IS: Thinking like a BI consultant — understanding regulations well enough to implement solutions.

IS NOT: Thinking like a lawyer — reciting Articles and citing regulations.

IS: Framing answers as “here’s how a consultant would approach this.”

IS NOT: Framing answers as “the regulation says...”

CALIBRATION ROUND

Core

Before diving in, let’s check where things stand. This is calibration, not scoring.

M Calibration CORE

QUESTION 1 OF 4

“GDPR and the EU Data Act both create rights around data. What’s the key difference?”

M Calibration CORE

QUESTION 2 OF 4

“Name the three dimensions of data sovereignty.”

M Calibration CORE

QUESTION 3 OF 4

“ISO 27001, SOC 2, ISAE 3402 — one sentence each.”

M Calibration CORE

QUESTION 4 OF 4

“The EU AI Act classifies AI by risk level. What are the four tiers, and what happens at each?”

TECHNICAL COMPLIANCE

Core

the examiner pushes for reasoning, not recitation. He wants to see how you think through a problem, not what you memorized.

M a senior consultant CORE

M1 — GDPR ERASURE WORKFLOW

“A German client receives an Article 17 deletion request. The customer has been in their system for 5 years. Describe the approach a BI consultant would take.”

M a senior consultant CORE

M2

“Is a hash key personal data under GDPR?”

INTEGRATION AND EDGE CASES

Core

Harder questions. the examiner is testing the edges of your understanding — the places where two concepts collide or where a simple answer is the wrong answer.

M a senior consultant BONUS

M9

“Is Data Vault a database?”

DEBRIEF

Core

All questions answered. Now let’s see what landed and what needs polish.

TRAP QUESTION SCORECARD

?

M2: Is a hash key personal data under GDPR?

?

M4: Where do business rules get applied?

?

M7: Can you delete a Hub row for GDPR?

?

M9: Is Data Vault a database?

Complete all sections to see your trap question results. The scorecard updates as you submit answers.

The trap scorecard above tracks itself automatically. After completing all questions, review which traps you spotted vs. missed. The reflex to build: “I’d want to think through the specifics...”

KEY CONCEPTS TO PRACTICE

These are the lines worth rehearsing out loud. Say them, don’t just read them.

ON THE GDPR-DV TENSION

“GDPR was written for transactional systems where you find a row and delete it. Data Vault was built to never delete anything. Resolving that isn’t just a legal problem or a technical problem — it’s both at once. The solution is architectural: PII Satellite isolation, Artificial Hubs, tombstone records. You design for compliance upfront so you never have to break the vault to honor the law.”

ON DATA VAULT’S COMPLIANCE ADVANTAGE

“Data Vault’s design choices — insert-only loading, load timestamps, source tracking on every row — weren’t built for compliance. But they happen to be exactly what regulators ask for under GDPR, DORA, and the AI Act. That’s not coincidence — it’s the same underlying principle: if you can reconstruct what happened and prove where data came from, you can demonstrate compliance.”

ON NOT KNOWING SOMETHING

“I’d want to think through the specifics before answering that definitively — my instinct is [X], but I’d verify [Y] before committing to it in a client conversation.”

The Rehearsal