With the GDPR already in full swing, there are many things that Data Platform and Database engineers need to consider with regard to the rights of data subjects. Here, we assess its effects and implications for SQL Server.
What Is GDPR?
Before we take a look at the impacts of GDPR, it is worth taking some time to get an overview of what the regulation is essentially all about. To control the way businesses collect, store and use customer data, the European Union (EU) enforced a new European privacy regulation called GDPR (General Data Protection Regulation) in May 2018.
The GDPR applies to any organization or business storing critical data in their database platform no matter where they are located. The failure of any IT environment to comply with this legislation can attract heavy fines of up to €20 million.
This legislation was written to protect and preserve the privacy of users (EU citizens) when their Personally Identifiable Information (PII) is handled. GDPR gives users the right to access their personal data and to request the removal of any traces of their data at any point in time.
How SQL Server Can Help You Become GDPR Compliant
GDPR makes it important for SQL Server teams to implement controls and processes for protecting personal data without locking the data away or slowing down development processes. Microsoft offers a variety of tools and features supported by SQL Server to help with GDPR compliance:
Using the Always Encrypted Feature
The Always Encrypted feature, introduced in SQL Server 2016, enables users to encrypt their sensitive data inside client applications, which helps to achieve GDPR compliance. As a result, the encryption keys are never revealed to the Database Engine (either SQL Server or SQL Database). Always Encrypted separates those who own the data and can view it from those who only manage the data and are not actually required to access it.
You need to be on SQL Server 2016 or higher to use Always Encrypted, and your application must be using at least version 4.6 of the .NET Framework. Always Encrypted is available in the Standard and Express editions from SQL Server 2016.
Dynamic Data Masking
Dynamic data masking (added in SQL Server 2016) helps to manage and control how personal data is accessed and used. End users without proper authorization and access privileges cannot read the masked data, because its elements are hidden from them.
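The masking behaviour described above, shown as an added T-SQL example that is not from the original article. The table dbo.Customers, the users SupportAgent and PrivacyOfficer, and the sample rows are constructed for illustration; it assumes SQL Server 2016 or later and a scratch database.

```sql
-- Hypothetical table: the personal-data columns carry a mask definition.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    FullName   NVARCHAR(100) MASKED WITH (FUNCTION = 'partial(1,"XXXX",0)') NOT NULL,
    Email      NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    Phone      VARCHAR(20)   MASKED WITH (FUNCTION = 'default()') NULL,
    Country    CHAR(2) NOT NULL            -- not personal data here, left unmasked
);

-- Constructed sample rows.
INSERT INTO dbo.Customers (FullName, Email, Phone, Country)
VALUES (N'Anna Example', N'anna@example.com', '555-0100', 'DE'),
       (N'Luc Sample',   N'luc@example.org',  '555-0101', 'FR');

-- Two hypothetical database users: one day-to-day role, one privacy role.
CREATE USER SupportAgent   WITHOUT LOGIN;
CREATE USER PrivacyOfficer WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO SupportAgent;
GRANT SELECT ON dbo.Customers TO PrivacyOfficer;

-- Only the privacy role may see the underlying values.
GRANT UNMASK TO PrivacyOfficer;

-- SELECT without UNMASK: the masked columns come back obfuscated.
EXECUTE AS USER = 'SupportAgent';
SELECT CustomerId, FullName, Email, Phone, Country FROM dbo.Customers;
REVERT;

-- SELECT with UNMASK: the same query returns the stored values.
EXECUTE AS USER = 'PrivacyOfficer';
SELECT CustomerId, FullName, Email, Phone, Country FROM dbo.Customers;
REVERT;

-- Review check: list every masked column and its masking function.
SELECT OBJECT_NAME(mc.object_id) AS table_name,
       mc.name                   AS column_name,
       mc.masking_function
FROM sys.masked_columns AS mc
WHERE mc.is_masked = 1;

-- Review check: list the principals that hold UNMASK in this database.
SELECT pr.name AS principal_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'UNMASK';
```

Masking changes only what a query returns; the stored values are not encrypted, so it complements Always Encrypted and tight permissions rather than replacing them.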
SQL Data Discovery and Classification
Personal data can be categorized with the help of the SQL Data Discovery and Classification tool. Built into SQL Server Management Studio (SSMS), this tool scans databases and identifies columns that may contain sensitive data. It then recommends how the sensitive data can be classified based on the findings.
SQL Vulnerability Assessment
Another important feature is the SQL Vulnerability Assessment tool which continuously tracks and scans SQL Server database environments to identify any security vulnerabilities. It then provides a report and remediation recommendations to resolve the issues encountered.
Row-Level Security
To prevent unauthorized access, row-level security gives DBAs control over specific rows in database tables and restricts access to those rows inside the database itself.
The set of GDPR compliance tools that Microsoft offers for SQL Server is designed to make it easier for users of the database software to strictly adhere to the new data rules from the EU. By securing your data, SQL Server can help you navigate the entire process of becoming GDPR compliant.