The EU has developed a new privacy / data protection law, the “EU General Data Protection Regulation”. It has been in full force since May 2018 and there is still uncertainty among a lot of companies and their data protection officers as to what is actually required by the new regulations and what kind of impact they will specifically have on their data processing processes. Especially in the big data and business intelligence environment, fundamental conflicts of interest arise and widely spread paradigms regarding data retention and analysis will potentially have to be put into question.
The following article provides an overview regarding the fundamental requirements of the GDPR and the obligations arising for companies and for the data protection officers and outlines a possible approach to comply with these requirements. In addition, the impacts of the regulation are discussed in the business intelligence context and it is shown, based on the example of the Microsoft SQL Server platform, how the requirements of the new EU Directive can be covered by features of modern database management systems.
CONCEPTS AND REQUIREMENTS OF THE GDPR
The EU General Data Protection Regulation (GDPR), which originally came into force in May 2016, has as such become legally fully enforceable since May 2018. Several years passed before the EU Commission, the EU Parliament and the EU Council of Ministers were able to agree in late 2015 to get a comprehensive reform for the strengthening and standardisation of the data protection for all Member States of the EU on its way. A lot of companies already utilised the 2-year transition period intensively and invested significant expenditures to become familiar with the new legal situation and to adjust their data processing processes from an organisational as well as from a technical perspective to the new legal framework conditions. Even though these legal framework conditions quite often were not completely new in comparison to the German Federal Data Protection Act, a completely new motivation for the implementation results due to the increase of the announced fines which can amount to up to 20 million euros or 4 % of annual revenues worldwide.
Read the complete article on novum online, the noventum newsdesk.
from the content:
Concepts and requirements of the GDPR
Implementation of the GDPR with Microsoft SQL Server
Conclusion
The following article provides an overview regarding the fundamental requirements of the GDPR and the obligations arising for companies and for the data protection officers and outlines a possible approach to comply with these requirements. In addition, the impacts of the regulation are discussed in the business intelligence context and it is shown, based on the example of the Microsoft SQL Server platform, how the requirements of the new EU Directive can be covered by features of modern database management systems.
CONCEPTS AND REQUIREMENTS OF THE GDPR
The EU General Data Protection Regulation (GDPR), which originally came into force in May 2016, has as such become legally fully enforceable since May 2018. Several years passed before the EU Commission, the EU Parliament and the EU Council of Ministers were able to agree in late 2015 to get a comprehensive reform for the strengthening and standardisation of the data protection for all Member States of the EU on its way. A lot of companies already utilised the 2-year transition period intensively and invested significant expenditures to become familiar with the new legal situation and to adjust their data processing processes from an organisational as well as from a technical perspective to the new legal framework conditions. Even though these legal framework conditions quite often were not completely new in comparison to the German Federal Data Protection Act, a completely new motivation for the implementation results due to the increase of the announced fines which can amount to up to 20 million euros or 4 % of annual revenues worldwide.
Read the complete article on novum online, the noventum newsdesk.
from the content:
Concepts and requirements of the GDPR
- Personal Data
- Implementation oft he GDPR
- Documentation obligations oft he GDPR
- Obligations to inform and disclose
- Obligations to protect the rights of data subjects
- Data protection obligations
- Accountability and notification obligations
Implementation of the GDPR with Microsoft SQL Server
- Hardening
- Authentification & Authorisation
- Dynamic Data Masking
- Row-Level-Security
- Transport Layer Security
- Transparent Data Encryption
- Always Encrypted
- Always On
- SQL Server Audit
Conclusion
