Only 17.4% of businesses are ready to manage their GDPR obligations, according to recent research [1]. That’s right, less than one in five companies is actually currently ready for GDPR, despite it having been announced more than six years ago, enshrined in law for over two years, and applicable since May 2018. Moreover, the survey results reveal that IT is where most are falling behind. Fortunately, there are ways you can get the help and support you need.
The degree of GDPR maturity among businesses varies across different parts of the regulation. For example, more businesses are compliant in risk (77%) than in any other area, perhaps because many GDPR projects start with Article 30 Records of Processing initiatives. By contrast, IT application (48%) and security (53%) compliance are the two areas in which the fewest businesses are mature.
Application compliance is related to Articles 15-20, and requires that you take account of how your applications facilitate and defend individuals’ rights under GDPR in relation to the personal data being processed in those applications. In practical terms, this usually means embedding functionality within your software that supports individuals’ key privacy rights, such as the right to be forgotten. This can be highly complex as it requires a strong knowledge of the application code, its logic, how it uses personal data, its data model, and how it integrates with other applications. Moreover, it also involves clear knowledge of GDPR’s hierarchy in relation to other legislation, as there may be circumstances in which other laws take precedence over privacy rights.
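To make the application-side requirement concrete, here is an added example (not Oracle’s code, nor anything from the survey) of an erasure-request handler that walks the data model a subject is linked to and applies the precedence rule described above: records that another law obliges the business to retain are kept but de-identified, everything else is deleted. The schema, the sample rows and the ten-year invoice retention period are all constructed assumptions; SQLite stands in for the application database.

```python
import sqlite3

# Assumed statutory retention period for invoices; stands in for the page's
# "other laws take precedence" case (the real period depends on jurisdiction).
INVOICE_RETENTION_YEARS = 10

def build_sample_db():
    """Constructed stand-in for an application database holding personal data."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE customer(id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        CREATE TABLE invoice(id INTEGER PRIMARY KEY, customer_id INTEGER,
                             issued TEXT, amount REAL);
        CREATE TABLE marketing_pref(customer_id INTEGER, channel TEXT, opted_in INTEGER);
        INSERT INTO customer VALUES (1, 'Alice Example', 'alice@example.org');
        INSERT INTO customer VALUES (2, 'Bob Example', 'bob@example.org');
        INSERT INTO invoice VALUES (100, 1, '2016-03-01', 42.0);
        INSERT INTO invoice VALUES (101, 2, '2005-03-01', 17.5);
        INSERT INTO marketing_pref VALUES (1, 'email', 1);
        INSERT INTO marketing_pref VALUES (2, 'sms', 1);
    """)
    return con

def erase_subject(con, customer_id, today):
    """Process one right-to-erasure request as of ISO date `today`; returns
    'deleted' or 'pseudonymised' (retention duty kept de-identified records)."""
    cur = con.cursor()
    # Invoices issued after the cutoff are still inside the retention period.
    cutoff = f"{int(today[:4]) - INVOICE_RETENTION_YEARS}{today[4:]}"
    held = cur.execute("SELECT COUNT(*) FROM invoice WHERE customer_id = ? AND issued > ?",
                       (customer_id, cutoff)).fetchone()[0]
    # Data with no legal basis to retain is removed whatever the outcome.
    cur.execute("DELETE FROM marketing_pref WHERE customer_id = ?", (customer_id,))
    if held:
        # Retention law outranks erasure: keep invoices, de-identify the customer row.
        cur.execute("UPDATE customer SET name = '[erased]', email = NULL WHERE id = ?",
                    (customer_id,))
        outcome = "pseudonymised"
    else:
        cur.execute("DELETE FROM invoice WHERE customer_id = ?", (customer_id,))
        cur.execute("DELETE FROM customer WHERE id = ?", (customer_id,))
        outcome = "deleted"
    con.commit()
    return outcome

def rows_left(con, customer_id):
    """(customer, invoice, marketing_pref) row counts for one subject."""
    q = ("SELECT (SELECT COUNT(*) FROM customer WHERE id = ?),"
         " (SELECT COUNT(*) FROM invoice WHERE customer_id = ?),"
         " (SELECT COUNT(*) FROM marketing_pref WHERE customer_id = ?)")
    return con.execute(q, (customer_id,) * 3).fetchone()
```

In a real system the placeholder would be a keyed, non-reversible token and every request outcome would be written to an audit record, which is the evidence an Article 30 register points to.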
Secure your infrastructure
IT security compliance relates, in particular, to Article 32 where businesses have to adequately secure personal data hosted in their IT architecture. Key initiatives here are data protection, access control, monitoring of logs, and security configuration and patching. While these are generally less complicated to implement than application compliance, relatively few companies have made sufficient progress.
This is despite the fact that Oracle offers numerous technologies for making IT security compliance straightforward, both for the cloud and on-premises. For example, the Italian commercial banking group UBI Banca [2] implemented a hybrid SOC (Security Operations Centre) strategy, comprising Cloud Application Security Broker (CASB) for security across its entire cloud stack, and Advanced Security, which provides transparent data encryption for its core on-premises databases. The Greek integrated telecommunications provider WIND Hellas [3] took a similar approach to achieve GDPR compliance for its on-premises and cloud infrastructure.
Indeed, Oracle has created a next-generation, cloud-native, comprehensive security and identity platform, called Identity Cloud Service (IDCS), that provides modern identity for today’s applications. This, along with CASB and other components, comprises Oracle’s Identity SOC, which is the cornerstone of the Oracle Trust Fabric. Identity SOC is an always-on, automated security solution that can detect and respond to advanced threats and persistent attacks—helping protect users, applications, data and workloads.
Minimise risk and make your applications ready
Oracle gives you additional options when it comes to many of the IT-related and risk aspects of GDPR. Our consultants can help strengthen your knowledge so you can decide the best way to move forward.
For example, Oracle Consulting can help you run tests to predict where personal data is held in your applications and how it is used. They can deploy a variety of powerful Oracle tools that include the Database Security Assessment Tool (DBSAT) and Oracle Configuration and Compliance Cloud Service. For databases, Oracle also has the technology to encrypt, mask, anonymize and implement strict access control rules, and much more.
[1] Oracle Community for Security, with the contribution of Oracle and Protiviti, collected data from 236 companies across 16 industries in Italy between March and June 2018, asking 11 key GDPR questions. The survey is being extended to Europe, the Middle East and Africa: please share your own organisation’s status at http://bit.ly/2rMIiot.
[2] UBI Banca secures its cloud using Oracle CASB Cloud Service.
[3] WIND Hellas reduces risk and improves EU GDPR compliance with Oracle Cloud.