Businesses are currently making sure that they comply with Europe’s new General Data Protection Regulation (GDPR). Or at least they should. The new laws will be taking effect in May 2018 and there are two major incentives for affected businesses to do so.
- For one, they get to avoid huge penalties for any violations to the new rules. A severe violation could set you back a maximum of 4% of your annual revenues or 20 million euros, whichever is higher.
- Complying with the General Data Protection Regulation is prima facie evidence that they care about their customers’ data and have taken steps to secure and protect this information. This would help them earn their customers’ loyalties and trust, and even put them ahead of their competitors.
It is not easy, however, to transition to the new regulation. To be GDPR-compliant, you would need to involve all aspects of your organization from human resources, to IT, to security, to legal, among many others. But a good start would be to have policies and technologies in place, and this is where Oracle can help.
But first, what are the security requirements you need for General Data Protection Regulation?
The General Data Protection Regulation encourages organizations to have “data protection by design and default”. GDPR states that both organizational and technical measures should be implemented, including safeguards on how the data is to be processed and other principles.
The GDPR, however, allows for some flexibility in how much safeguards you want to use, depending on how sensitive and the volume of personal data you collect and store.
In another article, the General Data Protection Regulation also states that controllers (and sometimes, processors) should take meticulous care in security when processing data.
In both the first and second articles, the GDPR recommends anonymization and encryption of gathered data (to ensure the integrity, availability, resilience, and confidentiality of the data). GDPR also raises the need to be able to restore access and availability to personal data should there be interruptions. Furthermore, there should be a process that would regularly test, evaluate, and assess the effectiveness of organizational and technical measures put into place for General Data Protection Regulation.
How Oracle can help you with your General Data Protection Regulation initiatives?
The General Data Protection Regulation has given companies a set of guidelines on how to protect and secure their customers’ personal data, as well as how they should act in case of a data breach.
Also, while the GDPR allows supervisory bodies and government agencies to levy a heavy penalty for data breaches, there are provisions that state that you could get off with a lower fine if you have shown compliance to new GDPR rules. So if data breaches are unavoidable, complying with GDPR can help soften the blow for you.
This is how important complying with the General Data Protection Regulation really is. The state of your art security is naturally a good starting point for your GDPR compliance journey. When you mention state of the art security, Oracle naturally comes to mind.
When it comes to GDPR, what are the Oracle solutions that you should be looking at?
1. Oracle Database
Oracle’s databases allow you to have encrypted data. This means that whatever sensitive information is stored on an Oracle Database, it can be protected using top-notch encryption, either while it is at rest or while it is transmitted to and from the database.
Oracle Database also includes a feature that allows you to anonymize information. This is very valuable if you want to mask personal data in your database tables before allowing a third party app developer or in-house IT personnel to use the data for software development or application testing. Or it could be done dynamically where sensitive data is masked, i.e. changing 11/15/1977 to **/**/1977.
Oracle databases also have safeguards against users that have more access and authority than they should, which should be very useful to ensure that there are no unauthorized modifications to a customer’s personal data stored on the database. More than that, other Oracle Database functionalities that can be helpful when encrypting and anonymizing personal data includes the ability to detect and block SQL injections and creating very detailed audit logs.
2. Oracle Cloud Access Security Broker (CASB)
For companies that are using public cloud services, such as SaaS, PaaS, and IaaS, they have come to realize that security measures taken on the cloud may not be enough. In summer of 2017 alone, there were already three very high profile data breaches in the United States and all three involved customers’ personal data.
This is the reason why companies are using cloud access security broker solutions to help protect the data that they store on the cloud. This is actually a recommended step for all companies that are putting their data on the cloud.
Oracle Cloud Access Security Broker takes it a step further by using machine learning to protect cloud services more fully. You can rely on Oracle CASB both to protect your data and to detect breaches.
What’s more, there are solutions that you can add onto Oracle CASB to help protect both Oracle and non-Oracle cloud deployments. These solutions can help detect wrongly configured services and applications, or detect suspicious activity and anomalous user behavior.
* * *
The General Data Protection Regulation is a necessary step, and the new set of regulations is very clear on what it expects from companies in the European Union or organizations that keep the private data of any European citizen. The good news is that while the new rules are stringent and the penalties are steep, compliance is relatively easy and flexible. You can use Oracle’s various solutions to help you get a good start on your GDPR compliance.
Call Four Cornerstone now at (817) 377-1144 or e-mail us if you want to learn more about Oracle’s solutions and how to make sure that your organization is ready for the General Data Protection Regulation.
Photo courtesy of Convert GDPR.