We all know that from 25 May 2018 the GDPR will be directly applicable in all EU Member States. Its aim is to strengthen the rights individuals have over their data and make companies take the issue of data protection more seriously, as well as simplifying the regulatory environment.
The GDPR follows some major data protection principles, and one of the most important is integrity and confidentiality. That means that personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Consequently, the general challenge in data governance is to construct an adequate regulatory environment for the collection, processing and use of data. The environment will be adequate when the formal legal framework is reasonably well connected to the underlying technologies for collecting, processing and using data.
All of that is possible with a good data governance plan, which can help you define policies, roles, and responsibilities for the access, management, and use of personal data, and can help you ensure your data handling practices comply with the GDPR. A data governance plan can give your organization confidence that it effectively respects data subject demands to delete or transfer data.
For the effective execution of your data governance strategy, PATECCO is able to provide cloud services such as Azure or Office 365, based on its gold partnership with Microsoft. These kinds of services take strong measures to help protect your customer data from inappropriate access or use by unauthorized persons.
SQL Server and Azure SQL Database
Protecting personal data in your systems and reporting on and reviewing for compliance are key requirements of the GDPR. SQL Server and Azure SQL Database provide controls for managing database access and authorization at several levels:
- Azure SQL Database firewall limits access to individual databases within your Azure SQL Database server by restricting access exclusively to authorized connections. You can create firewall rules at the server and database levels, specifying IP ranges that are approved to connect.
- SQL Server authentication helps you ensure that only authorized users with valid credentials can access your database server. SQL Server supports both Windows authentication and SQL Server logins. Windows authentication offers integrated security, and is recommended as the more secure option, where the authentication process is entirely encrypted. Azure SQL Database supports Azure Active Directory authentication, which offers a single sign-on capability and is supported for managed and integrated domains.
- SQL Server authorization enables you to manage permissions according to the principle of least privilege. SQL Server and SQL Database use role-based security, which supports granular control of data permissions via the management of role memberships and object-level permissions.
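The three controls listed above can be combined in one Azure SQL Database setup, shown here in T-SQL as an added example that does not come from the original article or from PATECCO. The IP ranges (documentation range 203.0.113.0/24), the user `analyst@example.com`, the role `gdpr_support_reader` and the table `dbo.Customers` with its columns are constructed placeholders.

```sql
-- Added example: every name and IP range below is a constructed placeholder.

-- 1) Server-level firewall rule. Run while connected to the master database.
EXECUTE sp_set_firewall_rule
    @name             = N'corp-office',
    @start_ip_address = '203.0.113.0',
    @end_ip_address   = '203.0.113.255';

-- 2) Database-level firewall rule. Run while connected to the user database
--    (Azure SQL Database does not support USE to switch databases).
EXECUTE sp_set_database_firewall_rule
    @name             = N'support-team',
    @start_ip_address = '203.0.113.16',
    @end_ip_address   = '203.0.113.31';

-- 3) Contained user mapped to an Azure Active Directory identity,
--    so no SQL password is stored in the database.
CREATE USER [analyst@example.com] FROM EXTERNAL PROVIDER;

-- 4) Least privilege: a role that can read only the non-identifying
--    columns of the hypothetical dbo.Customers table.
CREATE ROLE gdpr_support_reader;
GRANT SELECT ON OBJECT::dbo.Customers (CustomerId, Country, CreatedAt)
    TO gdpr_support_reader;
ALTER ROLE gdpr_support_reader ADD MEMBER [analyst@example.com];

-- 5) Review for compliance: which IP ranges may reach this database ...
SELECT name, start_ip_address, end_ip_address
FROM sys.database_firewall_rules;

-- ... and which principals hold which object- and column-level permissions.
SELECT pr.name                              AS principal_name,
       pe.state_desc,
       pe.permission_name,
       OBJECT_NAME(pe.major_id)             AS object_name,
       COL_NAME(pe.major_id, pe.minor_id)   AS column_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1   -- object or column scope
ORDER BY pr.name, object_name, column_name;
```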
The Office 365 platform incorporates security at every level, from application development to physical data centers to end-user access. Office 365 applications include both built-in security features that simplify the process of protecting data and the flexibility for you to configure, manage, and integrate security in ways that make sense for your unique business needs.
Office 365 solutions have several features that can help you manage personal data:
- Data governance features in Office 365 help you archive and preserve content in Exchange Online mailboxes, SharePoint Online sites, and OneDrive for Business locations, and import data into your Office 365 organization.
- The Retention feature in Office 365 can help you manage the lifecycle of email and documents by keeping the content you need and removing content after it’s no longer required.
- Advanced Data Governance uses intelligence and machine-assisted insights to help you find, classify, set policies on, and take action to manage the lifecycle of the data that is most important to your organization.
- Information management policies in SharePoint Online enable you to control how long to retain content, to audit what people do with content, and to add barcodes or labels to documents. (Microsoft Whitepaper: Beginning your General Data Protection Regulation Journey)
To be in compliance, European companies and those outside of Europe should adopt a user-centric, layered security model built around the tenets of prevent, detect, respond and predict. PATECCO builds up its strategy to help organisations adhere to the security disciplines needed for GDPR regulations. In this way they can protect customers' personal information and avoid data breaches, heavy fines and loss of reputation.
PATECCO’s IAM experts constantly highlight the need for organisations to start addressing all GDPR requirements now by adopting solutions for access governance and management, secure mobile access, email security, and protecting the perimeter of their networks.
Author: Dr. Ina Nikolova