Presentation is loading. Please wait.

Presentation is loading. Please wait.

6 Principles of the GDPR and SQL Provision

Published byPeter Anderson Modified over 6 years ago

Similar presentations

Presentation on theme: "6 Principles of the GDPR and SQL Provision"— Presentation transcript:

1 6 Principles of the GDPR and SQL Provision

2 Your Presenter Steve Jones Evangelist, Redgate Software
Editor, SQLServerCentral @way0utwest /in/way0utwest

3 Disclaimer This is NOT legal advice
No legal review has been undertaken of this material I am not a lawyer!

4 We will discuss 6 Principles of the GDPR
Data compliance in software delivery How SQL Provision can help

5 The principles of GDPR are the principles of good data protection

6 Demonstrating Compliance
“In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default”

7 “Appropriate Technical Measures”
Documentation Encryption, pseudonymization, anonymization Oversight of protection Change Control Procedures for out-of-process change

8 39 of the 99 GDPR Articles require evidence to demonstrate compliance
Accountability “The controller shall be responsible for, and be able to demonstrate, compliance with the principles” 39 of the 99 GDPR Articles require evidence to demonstrate compliance

9 The 6 Principles

10 Lawful, fair and transparent
“Data shall be processed lawfully, fairly and in a transparent manner in relation to individuals” GDPR Article 5 (1a)

11 You should know what data you hold and what consent has been given ie what are the expectations around storage, profiling, using or sharing data?

12 Purpose Limitation GDPR Article 5 (1b)
“Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes” GDPR Article 5 (1b)

13 If you are using data in multiple environments then you are expanding you attack surface area

14 Data Minimisation “Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” GDPR Article 5 (1c)

15 Remember your retention policy should align to the use of the data in order to fulfil the performance of the contract, not i.e. to help with future troubleshooting, development or testing

16 Data Accuracy GDPR Article 5 (1d)
“Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay” GDPR Article 5 (1d)

17 Understanding the data you hold and how it is used or shared is critical

18 Storage Limitation GDPR Article 5 (1e)
“Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed” GDPR Article 5 (1e)

19 If you wish you use the data for other purposes, such as business intelligence. PII data which hasn’t been removed through aggregation should be masked

20 Integrity and Confidentiality
“Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures” GDPR Article 5 (1f)

21 You should be able to demonstrate compliance with all principles, so automation and documentation are key. It’s not enough to say you are compliant, you must be able to prove it

22 Data Compliance in Software Delivery

23 Data Compliance in Software Delivery
What do you process? What needs protecting? Who has access and for what purpose? How can you demonstrate adequate protection? Are you monitoring for emerging security risks? Move from tell me to show me… …consistent processes are key

24 Most organizations do ’copy-down’ live data

25 What Compliant Provisioning Looks Like
Single central view of database copies Control over creation and access Mechanism to protect data classified as sensitive Consistent (automated) process are easier to audit Record of activities

26 Conflicts around the use of data
Teams want to move fast DBAs must protect data up-to-date, realistic data on-demand access to consistent database copies all copies of data accounted for sensitive data must be sanitized

27 SQL Provision: Create, protect and manage provisioning
+ SQL Clone Data Masker

28 Demo

29 Key Benefits Virtualize Protect Automate Manage Save time provisioning
Save 99% storage space Local, isolated development Accurate testing using realistic data Protect Mask sensitive data for compliance Customize data masking rules at scale Automate Automate repeatable processes Fewer provisioning requests Manage Central auditable view of database copies Role-based provisioning permissions

30 The best compliance is deterministic
It’s not that you ‘did the right thing’ It’s that ‘the right thing is ALWAYS done’ The use of data should be driven by the consent given and the processing policies agreed to. Behaviours of its use is then driven by its classification.

31 Need help? Contact Us: sales@red-gate.com
Discover Redgate’s Full Solution Data Privacy and Protection SQL Data Privacy Suite

32

Download ppt "6 Principles of the GDPR and SQL Provision"

Similar presentations

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.

The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.

Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.

Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
Twelve Guiding Principles for the Regulation of Surveillance Camera Systems Presented by: Alastair Thomas Date: 23 rd October 2013.

Twelve Guiding Principles for the Regulation of Surveillance Camera Systems Presented by: Alastair Thomas Date: 23 rd October 2013.
PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.
DATA PROTECTION ACT 1998. INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March 2000. It is more far reaching than its predecessor,

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Getting data sharing right for every child Maureen H Falconer Senior Policy Officer Information Commissioner’s Office.

Getting data sharing right for every child Maureen H Falconer Senior Policy Officer Information Commissioner’s Office.
Data protection—training materials [Name and details of speaker]

Data protection—training materials [Name and details of speaker]

Similar presentations

Ads by Google