A company is implementing GDPR compliance and wants to ensure that personal data is pseudonymized in BigQuery. They plan to use Cloud DLP to tokenize data before loading. Which approach should they take to minimize changes to existing SQL queries?
BigQuery's `DLP_TOKENIZE` function allows pseudonymization at query time, minimizing changes to existing SQL.
Why this answer
BigQuery has built-in functions like `DLP_TOKENIZE` that can be used in SQL queries to tokenize data on the fly without changing the schema. This allows pseudonymization while preserving the ability to query. Pre-processing with Dataflow would change the way data is stored and require modifications to queries.
Using Cloud Functions adds complexity. Cloud KMS does not tokenize.