If you hold ‘personally identifiable information’ (PII) about EU citizens, the new General Data Protection Regulation (GDPR) applies to you. That’s true even if you aren’t in the EU, since this law is extra-territorial.
This is significant for various reasons, including the fact that the maximum penalties for failing to comply would probably bankrupt your organization. The GDPR is already the law, and enforcement will start in May 2018 – so there’s a limited amount of time to get prepared.
PII data exists in many forms: documents, emails, databases, etc. For the rest of this blog post I’m specifically going to talk about software development and structured databases, but if you’re interested in other forms of data, you might like to learn about the various features Microsoft is adding to Office365.
The GDPR is a massive regulation covering many topics including consent, Data Protection Officers (DPOs), data breach notifications, the right to be forgotten and international data transfers, to name but a few. In this post I’m mainly referring to the parts of the GDPR that relate to security and ‘Privacy by Design and Default’, etc.
In order to make your SQL databases compliant with these aspects of the GDPR, there are four steps you’ll probably need to take, as outlined in the ICO Data Protection Self-Assessment Toolkit:
“Organize an information audit, across the organization or within particular business areas; document what personal data you hold, where it came from and who you share it with.”
“Look at the various types of data processing you carry out, identify your lawful basis for carrying it out and document it.”
“Document what personal data you hold, where that data came from and who it is shared with.”
“Implement appropriate procedures to ensure personal data breaches are detected, reported and investigated effectively.”
… and …
“Implement a plan to introduce the new GDPR Data Privacy Impact Assessments (DPIAs) within your business.”
These tasks will be challenging for many organizations to achieve. However, with the urgency and penalties associated with the GDPR, the IT industry is being forced to wake up to the fact that it needs to act more responsibly with sensitive data.
There is a big (and long overdue) opportunity here: the potential penalties make this a good time to ask senior management for the necessary budget/resources required to get our houses in order.
How Redgate and DLM Consultants can help
With so many organizations tackling the problems associated with regulatory compliance, Redgate has been receiving requests from customers for software that can help to solve the various technical challenges.
In response Redgate has been investing heavily in a new suite of tools. You can learn about some of the prototypes here, and you’ll be seeing various new features and products being released over the next few months.
At the same time DLM Consultants has been at the front line. For the last 18 months it’s been busy helping customers to adopt Database DevOps and Database Lifecycle Management (DLM). DLM Consultants has witnessed a growing awareness that IT teams need to improve the way they handle sensitive data within the context of their database lifecycle, but these teams are overwhelmed by the new legislation and need guidance.
Redgate and DLM Consultants both recognize a need for new tooling and expert leadership to support organizations to take effective steps towards the responsible management of sensitive data and associated regulatory compliance.
Over the next few months Redgate will be producing a new suite of software to provide an ‘ingeniously simple’ approach for compliant database development. It will do this by extending some of its existing tools and adding some new ones. If you’d like to join the early access program, let us know.
If you’d like some support, DLM Consultants will be providing free help for a select group of people concerned at the emerging need to manage their data more responsibly. At the same time, the insights gained will be collated and fed back to the development team at Redgate. This will enable Redgate to rapidly refine and polish the software, helping everyone.
If you’d like to join the ‘concierge program’, email DLM Consultants.
This is a guest post from Alex Yates. Alex loves DevOps. He also loves databases.
Alex has been helping data professionals apply DevOps principles to relational database development and deployment since 2010. He's most proud of helping SkyScanner develop the ability to deploy 95 times a day.
Originally for Redgate, later for DLM Consultants, Alex has worked with clients on every continent except Antarctica - so he's keen to meet anyone who researches penguins.
A keen community member, he helps organise the London Continuous Delivery meetup and SQL Relay. He blogs at workingwithdevs.com, speaks wherever they'll let him and manages the DLM Digest monthly email: a report on the latest database DevOps news/tutorials.