17 November 2017

1 Comment

Redgate data governance survey reveals database DevOps is the key to GDPR compliance

A major new data governance survey from Redgate demonstrates there are important GDPR compliance issues that need to be addressed – and that a DevOps approach to database development can provide the answers.

A first glimpse into the results of the 2017 Data Governance Implementation survey, which questioned more than 500 SQL Server professionals, reveals that 61% of respondents use a copy of their production database in development, test or QA environments. With the upcoming General Data Protection Regulation (GDPR), this is a significant concern.

GDPR comes into force in May 2018 and will stop the use of copies of production databases in development unless personally identifiable information is masked. Any company or organization which collects, stores and analyzes the data of EU citizens, whether based in the EU or not, will also need to demonstrate compliance in an auditable manner.

This appears to be at odds with a DevOps approach to database development which requires the use of realistic data in development and testing in order to get accurate feedback earlier on in the process and avoid errors hitting production further down the line.

Tools and processes are emerging, however, that anonymize or mask data yet keep its structure similar to the data held in production, so that DevOps and compliance can work towards the same goal rather than being seen as mutually exclusive.

Perhaps more importantly, the processes that DevOps introduces for delivering software in a consistent, reliable, and repeatable way also provide an audit trail of the changes that are made, making it much easier to demonstrate compliance than with an ad hoc manual approach.

A measure of the value of DevOps in resolving the issues that GDPR raises is that 64% of respondents to the new survey agreed that a DevOps approach to the database has a positive impact on data governance.

The full survey is now being prepared for publication and, in advance of its release, Redgate is hosting a webinar on the topic of data protection and privacy in the world of database DevOps.

During the webinar on 21 November, PASS President Grant Fritchey and James Boother from data management experts, Coeo, will dispel the myth that database DevOps and compliance can’t go hand in hand. They’ll address the implications of the forthcoming GDPR on database management, highlight what organizations need to address, and share tools and tips for building data protection and privacy into DevOps processes.

Further information about the webinar can be found online, and you can read more about Redgate’s Database DevOps solution here.


  • Chris Ransom

    I am interested to know where GDPR says it “will stop the use of copies of production databases in development unless personally identifiable information is masked”… I can see nowhere in GDPR that says development or test systems should be treated any different to production systems?