GDPR (General Data Protection Regulation) may be an EU regulation, but it has already had global repercussions. The rules went into effect on May 25, 2018, and some international companies that had not yet adjusted saw their access to European consumers blocked. Other firms elected to actively block EU IP addresses to avoid compliance. The crackdown has begun, and with it – the hunt.
The confusion is expected to continue for years to come as enterprises begin to realize that GDPR really is a serious hurdle, including for database administration. Why is this the case, and what do you need to do to meet these wide-ranging guidelines?
In the webinar, “Is Your Database Ready for GDPR?”, Jodi Daniels, the founder of Red Clover Advisors, and Yaniv Yehuda, CTO and cofounder of DBmaestro, answer these questions. They also provide some tips about the management of GDPR and how of DevSecOps makes this an easier load to bear.
This highly-relevant webinar is free and open to all. Sign up below to watch it on demand:
GDPR is an EU regulation, but if you have any connection to doing business in Europe, you need to know about it. GDPR affects any company that processes or holds data on EU residents, so it’s a global issue.
As explained in the webinar, violating the GDPR can have massive financial repercussions. Moreover, as compliance with GDPR becomes universal, it’s to be expected that clients and vendors dealing with EU firms will also need to be compliant, so this is a competitiveness issue as well.
What is a data controller enterprise, and what is a data processor enterprise? The webinar covers how each has a different type of responsibility, and why both need to know how to work together to preserve GDPR compliance.
The webinar also discusses the types of data where GDPR applies in the context of Article 30 requirements. Not every kind of business can legally hold every type of customer data, and you need to know into which category your company falls.
In addition, once you have data, it’s not always yours to keep. GDPR specifies in what cases you can preserve data, as well as individual rights governing information. Did you know that a customer can revoke their consent to you holding their personal data—and that your system must be able to track and change this at any time?
The webinar addresses a myriad of issues like these, and provides advice about practical management steps towards ensuring compliance.
Everything boils down to the database, where all of the information subject to GDPR is stored. Not only must you comply with the regulations, but you also need to prove that you have complied, which is a matter of documentation.
Moreover, database failure in a GDPR economy means a lot more than a broken release. The potential data security breaches signified by a failure can open up a world of legal pain for any enterprise.
Where does GDPR fit in with DevSecOps?
GDPR is a particular challenge for DevOps, a practice which is growing universally and rapidly. DevOps decreases time to market substantially, but all of that rapid development must be managed with an eye on security and strict controls on who is able to do what.
In this sense, DevOps is also an opportunity. DevOps was created to provide agility and continuous integration and delivery. On the other hand, GDPR was created to fight against increasing data breaches and hacks, the risks of cloud-based data, and the threats derived from internet accessibility.
The solution to both of these issues is a set of new security requirements and processes, and the separation of duties—essentially, improved security, embodied in the idea of DevSecOps.
DevSecOps is an excellent way to improve your development process while maintaining GDPR compliance. The webinar explains how DevSecOps manages roles and permissions and policies while maintaining an audit trail. All GDPR functions related to the database can be handled through “Release Pipelines”, which are fast, yet still safe, repeatable, and scalable.
With DevSecOps, everything is managed through one clear process that can identify problems. It sets rules as part of an automated process that is consistently followed because a mechanism is enforcing it. In short, DevSecOps is a powerful practice when dealing with GDPR compliance and a host of other development challenges.
Have questions? Want to better understand how GDPR is relevant for your business? We invite you to join our webinar and get answers today.