With all the activity around the new European Union General Data Protection Regulation (GDPR), some organizations are scrambling to understand the impact it will have, including but not limited to:
Addressing GDPR compliance requires a coordinated strategy involving different organizational entities including legal, human resources, marketing, security, IT and others. The subject matter may involve information collected from various entities (i.e. customers and employees), as well as coordinated communications and technology used. Organizations should therefore have a clear strategy and action plan to address the GDPR requirements with an eye towards the May 25, 2018 due date.
My colleagues, Alessandro Vallega and Angelo Bosis, and I put together this whitepaper on Oracle Security Solutions that help our customers address some of their requirements for GDPR.
Leveraging Oracle's experience built over the years, and our technological capabilities, we are committed to helping customers implement a strategy designed to address GDPR security compliance. This whitepaper explains how Oracle Security solutions can be used to help implement a security framework that addresses GDPR. To learn more about Database Security solutions that help address GDPR, please read this other paper.
Overall, GDPR addresses the key security tenets of confidentiality, integrity, and availability of systems and data. Oracle has a long history, and proven record, of securing data and systems. Oracle security includes a full set of hybrid cloud solutions, from the chip to applications, that help prevent, detect, respond to, and predict security threats; it can also help address regulations like the GDPR.
The benefits of strategically implementing the right technology, with effective security controls, can help:
Ultimately, implementing effective security will offer organizations the opportunity to improve their IT security and IT security organization.
We therefore looked at four solution areas to create a framework showing how Oracle products can help customers address GDPR (see image): discovery, enforcement, enrichment, and foundation.
Discovery. On-premises products and cloud services that can help discover personal data and map data flows. This technology includes the discipline of data governance and provides capabilities such as data lineage, asset inventory, and data discovery.
Enrichment. Enrichment includes application modifications that may be necessary to comply with rights of the data subject (Art. 15-20). It may also be necessary to consolidate customer data to get a single view of the data subjects across the organization.
Foundation. The comprehensive set of mature operational technologies that are a part of Oracle’s DNA to enable good IT security with an emphasis on availability and performance of the services. This includes hybrid cloud solutions from maximum availability architecture and engineered systems to operating systems and processors. These solutions can help address “availability and resilience of processing systems and services; and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident” (Art. 32).
Enforcement. Oracle hybrid cloud technologies that enforce security policies and controls that protect people, software, and systems. This encompasses products and services that provide predictive, preventive, detective and responsive security controls across database security, identity and access management, monitoring, management, and user behavior analytics.
We welcome you to download the paper, Helping Address GDPR Compliance Using Oracle Security Solutions, to learn more.