Are you sure your SQL Server meets all the requirements of this new regulation? At Aleson ITC we can help you through this adaptation process.
What is the GDPR?
The General Data Protection Regulation is the law on the protection of personal information that has had to be complied with throughout the European territory since May 25, 2018.
This regulation seeks to protect and enable the privacy rights of individuals by establishing strict restrictions on the treatment and protection of data that directly concern individual rights (such as the right to access their own information or to refuse the processing of their personal data).
The GDPR also seeks to guarantee the security of personal information regardless of where it is being stored, sent or processed. Some of the data that this new regulation wants to protect are identification number, e-mail, publications on social networks or medical information, among others.
Steps that Microsoft proposes to adapt to it
Determine what personal information is being managed and where it resides, identifying which servers or databases contain personal information and which rows or columns can be marked as containing it. SQL Server has several tools to discover the data, such as the sys.columns system table, Full-Text indexes, Profiler or Extended Events (xevents).
Supervise how this personal information can be accessed and how it is processed and used, making sure that the permissions granted to the people who access the data are the minimum necessary to do their job. In SQL Server this can be achieved by controlling permissions with SQL Server Authentication, masking data with Dynamic Data Masking, or filtering the data that a user can see in a table with Row-Level Security.
Establish security controls to prevent, detect and react to weaknesses and breaches in data protection. This requires different methods for different types of information and scenarios. To protect the data, SQL Server has several encryption mechanisms at the physical and logical level, such as encryption of connections, Transparent Data Encryption and Always Encrypted. We can also control who is accessing the data, and when, by using SQL Server Audit.
Monitor and Report
Save audits of all operations related to the handling of personal information, manage information requests and notify when a regulation breach occurs. Also track these processes and procedures to ensure that they are kept up to date.
Finally, in SQL Server we can track the record of changes or access to a table with system-versioned temporal tables and with SQL Server Audit, and report those failures through SQL alerts and Database Mail, or in real time on graphical dashboards with Power BI.
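The discovery step described above can start from sys.columns. The following T-SQL query is an added example, not code from the original article or from Microsoft's guidance: it lists columns whose names suggest personal data and shows whether Dynamic Data Masking or Always Encrypted already covers them. The name patterns are assumptions to adapt to your own schema, and the query needs SQL Server 2016 or later.

```sql
-- Added example: candidate personal-data columns and their protection state.
-- Run it in each user database you need to inventory.
-- Assumption: the name patterns below are illustrative, not exhaustive.
DECLARE @patterns TABLE (pattern nvarchar(50) NOT NULL);
INSERT INTO @patterns (pattern) VALUES
    (N'%mail%'), (N'%phone%'), (N'%birth%'), (N'%passport%'),
    (N'%national[_]id%'), (N'%ssn%'), (N'%address%'), (N'%medical%');

SELECT
    s.name  AS table_schema,
    t.name  AS table_name,
    c.name  AS column_name,
    ty.name AS data_type,
    c.max_length,
    c.is_masked,                                  -- 1 = Dynamic Data Masking applied
    COALESCE(c.encryption_type_desc, N'NONE') AS always_encrypted,
    CASE WHEN c.is_masked = 0 AND c.encryption_type IS NULL
         THEN 1 ELSE 0 END AS needs_review        -- 1 = no column-level protection
FROM sys.columns AS c
JOIN sys.tables  AS t  ON t.object_id     = c.object_id
JOIN sys.schemas AS s  ON s.schema_id     = t.schema_id
JOIN sys.types   AS ty ON ty.user_type_id = c.user_type_id
WHERE t.is_ms_shipped = 0
  AND EXISTS (SELECT 1
              FROM @patterns AS p
              -- Explicit collation: match names case-insensitively
              -- whatever the database collation is.
              WHERE c.name COLLATE Latin1_General_CI_AI LIKE p.pattern)
ORDER BY needs_review DESC, s.name, t.name, c.column_id;

-- Transparent Data Encryption is database-wide and not visible per column;
-- check it separately:
SELECT name, is_encrypted FROM sys.databases WHERE name = DB_NAME();
```

A name-based search only finds columns that are named descriptively; columns with opaque names still need a review of their contents.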
Are you still not complying with the GDPR?
Call us at +34 962 681 242 or leave us your name and email and we will contact you.