You’ve likely heard about the General Data Protection Regulation (GDPR) that begins on May 25, 2018. These requirements put forward by the European Commission, harmonize data privacy laws across the EU with the overall intent of protecting private information for European citizens. GDPR’s key principles revolve around data privacy and subject rights in our increasingly data-driven world.
Under this regulation, when there is a data breach in an organization that holds EU citizens’ information, there are strict procedures for how the company must respond. Given this data privacy overhaul, all of us need to become more diligent about how we collect and store data, and what we do with it. In this blog, let’s explore some of GDPR’s critical new data protection frameworks, and how you should adapt your environment in order to meet them.
It’s not just an EU thing!
We’re all impacted by privacy laws and non-compliance penalties are big. This new regulation broadly affects all organizations, government agencies and companies throughout the world that collect or use personal data tied to EU residents (irrespective of any physical operating presence in the EU). Any organization failing to satisfy the new regulations will face maximum penalties of 4% of global revenues or €20M, whichever is higher, as well as the potential suspension of further data processing.
Lots of organizations are preparing for it, but many are unlikely to be fully compliant by May 2018. Gartner predicts that more than 50% of organizations will still not be in full compliance by the end of this year — seven months after the regulation takes effect. Yet while complying with GDPR is a HUGE initiative, organizations that make the effort will gain the faith and trust of their customers.
These policies completely change the way data has to be handled and are going to change how you approach your data. So, how do you prepare?
GDPR has many regulations directly related to how data is accessed, stored and protected in the database layer. Here are a few to consider surrounding data design and storage:
It is important to note that full compliance with GDPR cannot be enforced with infrastructure changes alone. It is a heavy process involving policy definition and enforcement, evaluation of the complex application and IT landscape, automation (where possible) to enforce governance and modernization of infrastructure if necessary. One such layer that definitely needs evaluation and compliance is your database. Let’s look at some of the specific database implications below:
While you’re reviewing your processes and changing your organization’s data policies to meet regulations, your business, of course, cannot be interrupted. So, how do you ensure that it continues to meet business demands while also preparing for these imminent compliance requirements? It’s a good idea to simplify your assessments and secure your environment by using solutions and tools that inherently meet the standards of compliance.
Redis Enterprise meets GDPR compliance standards!
For the database layer, we at Redis Labs have spent a LOT of time making sure your deployments are secure. With Redis Enterprise, you can simplify compliance and protect your data to meet any self-imposed or industry standard security needs. We understand that data is the most valuable asset organizations have today. How it is captured, used and stored is the key to capitalizing on new technology and developing new revenue streams. Since the announcement from the European Commission, we’ve been working diligently to ensure our database software meets all GDPR regulations — demonstrating our commitment to data protection.
Redis Enterprise is a secure database that provides a great deal of controls to help you meet security standards. Each database in the system can be isolated using distinct credentials, limiting access to data. It offers multi-layer security configuration for access control, authentication, encryption, forensics, availability and more. Redis Enterprise’s capabilities include data encryption both at rest and in transit. For more on this, check out our recent webinar about how Redis Enterprise helps deliver advanced data security and encryption or the cross-links in this post that describe our security architecture in great detail.
Lastly, another great opportunity to learn more about Redis Enterprise is at our annual user conference, RedisConf. It is just over a month away—April 24th through the 26th in San Francisco—and will include training programs that deep dive into the inner workings of Redis, as well as a slew of keynotes, sessions, and topics delivered by industry leaders, community speakers and Redis experts. We hope you will join us there to learn how Redis Enterprise takes you one step closer towards data compliance, as you prepare for D-Day 🙂
If you have any questions, please do not hesitate to reach out to us at email@example.com.