By Dane Roberts, Product Strategy, Risk Management Cloud, Oracle
The deadline for the General Data Protection Regulation (GDPR) has come and gone. Many questions about the regulation remain unanswered, and a slew of companies are still working toward compliance.
The consequences for non-compliance can be steep. Organizations could face fines up to 4% of total revenues or 20 million Euros for not following GDPR. In addition, EU regulators have stated "clouds" will not be exempt from GDPR enforcement.
In brief, GDPR is a data protection regulation that applies to the data of anyone who lives in the European Union. Any company—regardless of geographical location—that stores and/or processes data about an EU resident or citizen falls under the jurisdiction of GDPR. It applies to all information related to the individual, whether it’s data about their private, professional or public life. In addition, it does not matter where the data resides; it’s only about whose data it is—a sweeping regulation.
Companies must design data protection into the development of business processes for products and services. This means that from the design stage all the way through the lifecycle, companies have to integrate data protection into their processing and business practices. This proactive approach of considering data protection and privacy issues up front is not new; the key change with GDPR is that it is now a requirement by law.
Upon request, EU citizens may access their personal data and information about how that data is being processed. Individuals seeking to access their data can submit a written or verbal Subject Access Request (SAR), and organizations must respond within one month.
The right to erasure, also known as the "right to be forgotten," is an EU citizen’s ability under GDPR to request erasure of personal data related to them on any one of a number of grounds. Again, individuals can make this request verbally or in writing and organizations will have one month to respond.
This right enables anyone in the EU to transfer their personal data from one electronic processing system to another, without being prevented from doing so by the data controller.
Oracle provides tools that can help organizations streamline their compliance process. Once an organization defines its policies and procedures, it can execute those processes using the modern functionality within Oracle Cloud. Here are two examples: risk management and data management.
"Data protection by design and default" means that, under GDPR, organizations must show they have the proper processes and technologies in place to protect data in their systems.
Oracle Risk Management Cloud helps organizations embed data security, compliance and governance into the Oracle software-as-a-service (SaaS) applications that they use to run their business processes (such as finance). Oracle Risk Management Cloud provides the ability to analyze and assess security design at the lowest levels of detail, monitors transactions that involve private data, and offers an end-to-end flow to manage and certify user access and compliance. It gives you the ability to:
Data management is a complex and ever-evolving process. Organizations often manage their data manually through conversations, telephone calls, spreadsheets, and e-mail, or via a number of disparate systems—leading to information silos, data integrity problems, and a nightmare for GDPR compliance.
Oracle Enterprise Data Management Cloud takes an innovative approach to helping organizations automate the process for GDPR compliance by packaging data in a format that is manageable and available when needed.
Oracle Enterprise Data Management Cloud provides organizations with a single source of truth for personal data—centralizing it within a purpose-built system. If your data is in a plethora of systems or places and you don’t know where specific data is, it’ll be very hard to comply. You can’t erase, transfer, or report on how someone's data is being used if you don’t know where it is.