{"id":78843,"date":"2018-05-20T19:49:47","date_gmt":"2018-05-20T19:49:47","guid":{"rendered":"https:\/\/www.red-gate.com\/simple-talk\/?p=78843"},"modified":"2018-05-21T13:01:55","modified_gmt":"2018-05-21T13:01:55","slug":"my-thoughts-from-redgates-sql-privacy-summit","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/blogs\/my-thoughts-from-redgates-sql-privacy-summit\/","title":{"rendered":"My thoughts from Redgate\u2019s SQL Privacy Summit"},"content":{"rendered":"<p>Last Friday (18<sup>th<\/sup> May 18) I attended Redgate\u2019s SQL Privacy Summit in London.\u00a0 Before I go any further, for those of you who don\u2019t know me, I\u2019m based in the UK so GDPR is very much in the forefront of our minds and I am a Friend of Redgate.<\/p>\n<p>Unfortunately, I couldn\u2019t attend all day as I had a plane to catch and couldn\u2019t be late as I had an early start the next day, as I was doing my other passion, show jumping, at Devon County Show which is a very big deal.\u00a0 I\u2019m happy to say it was well worth it as I came 2<sup>nd<\/sup> in my class with my horse, Tom, photo below.<\/p>\n<p>I took away three key points from the event:<\/p>\n<ul>\n<li>My understanding of our requirements as a database developer is pretty much on point.<\/li>\n<li>There are still things I don\u2019t know. 
More about that to follow.<\/li>\n<li>I now have an action plan of things I need to do.<\/li>\n<\/ul>\n<p>My role changed recently from being a DBA across the entire SQL Server estate to working on one specific project and being all things SQL Server for that project.\u00a0 Whilst I kept thinking about how this would affect me if I was still the DBA, that wasn\u2019t my focus for the event.\u00a0 To summarise my current understanding:<\/p>\n<ul>\n<li>We need to ensure that we have documented processes for everything we do with PII (Personally Identifiable Information) to show we are taking due care for each and every record.<\/li>\n<li>When developers say they want a copy of the production database to develop on, they can have it either with no data or with masked data.\n<ul>\n<li>If they want it with data the steps required are:\n<ul>\n<li>1 \u2013 clone database<\/li>\n<li>2 \u2013 mask data<\/li>\n<li>3 \u2013 Steve Jones showed how this can be automated using a PowerShell script to call SQL Clone and SQL Data Masker.<\/li>\n<\/ul>\n<\/li>\n<li>All tables and columns need to be classified as to whether they are PII or not.<\/li>\n<li>Data loss has to be reported to the ICO within 72 hours.<\/li>\n<li>The one thing that came out that I wasn\u2019t aware of was that an unplanned server outage is deemed data loss, so the next question is, how much downtime is the threshold for reporting?<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Finally, the actions I now plan on taking:<\/p>\n<ul>\n<li>As the system I\u2019m working on is very new I\u2019m going to ensure that all data is classified before being source controlled and that all PII columns have data masker rules put on them for the times we need to restore from the Production database.<\/li>\n<li>We need to document how we protect the data and the processes taken to move data and where all data is held.<\/li>\n<\/ul>\n<p>There was one question I had which I\u2019ve probably already answered for myself. 
That is, as a good (hopefully) DBA, I always tested my backups once a week with a restore and DBCC CHECKDB. This was one PowerShell script that looped through all production databases and then restored, checked and dropped the databases.\u00a0 No databases were kept longer than that because I didn\u2019t have enough storage.\u00a0 Normally if you restore a copy of production outside production you\u2019d need to mask the data but as it was dropped as soon as it was checked I\u2019m hoping that the masking won\u2019t be necessary.<\/p>\n<p>In summary, the event on Friday was really good, it\u2019s always great to mix with other colleagues and Redgaters.\u00a0 I even bumped into my old boss and spent a lot of time chatting with him about what\u2019s been going on since I left and that all sounds really exciting.<\/p>\n<figure id=\"attachment_78844\" aria-describedby=\"caption-attachment-78844\" style=\"width: 500px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-78844\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/05\/DSC_0551.jpg\" alt=\"\" width=\"500\" height=\"281\" \/><figcaption id=\"caption-attachment-78844\" class=\"wp-caption-text\">Coming 2nd at Devon County Show with the amazing Tom.<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Last Friday (18th May 18) I attended Redgate\u2019s SQL Privacy Summit in London.\u00a0 Before I go any further, for those of you who don\u2019t know me, I\u2019m based in the UK so GDPR is very much in the forefront of our minds and I am a Friend of Redgate. 
Unfortunately, I couldn\u2019t attend all day&#8230;&hellip;<\/p>\n","protected":false},"author":10747,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[],"coauthors":[57570],"class_list":["post-78843","post","type-post","status-publish","format-standard","hentry","category-blogs"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/78843","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/10747"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=78843"}],"version-history":[{"count":1,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/78843\/revisions"}],"predecessor-version":[{"id":78845,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/78843\/revisions\/78845"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/media?parent=78843"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=78843"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=78843"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=78843"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}