Principles of tackling GDPR and database management

Continuing our series of short guides to help you navigate GDPR, today we explore the three stages you need to go through in order to ensure your compliance.

GDPR GUIDE 3: Principles for success

Step 1: Assess

Before you put any changes into place, you need to understand where you are, including in non-production environments. You need to look at all of your processes and at the data profiles being stored across the organisation. You should also assess the sensitivity levels of the data you hold, and run through comprehensive risk scenarios. Understand what your current security configurations are, as well as the current controls over roles and privileges.

At this stage you should seriously consider enabling a single customer view across the business in order to make future maintenance more practical.

Step 2: Prevent

There are a number of tasks that will need to be implemented to drive compliance, which include:

  • Encryption

  • Pseudonymisation

  • Anonymisation

  • Fine grained access control

  • Privileged access control

We can help guide you through these steps. The diagram below illustrates how this may look in practice:

Step 3: Detect

Once everything is in place, you need to ensure you have the correct controls to ensure that breaches don’t occur, or, if they do, that you can detect and report them quickly enough. Audit controls will have to be comprehensive and robust, along with activity monitoring, alerting and reporting.

The diagram below illustrates how this could work in practice:

2017-11-02T10:07:33+00:00