What is the EU General Data Protection Regulation?
As of May 25, 2018, the GDPR introduces far-reaching obligations for companies that collect, use, or otherwise process personal information.
- The GDPR is the EU’s reform of its privacy framework. It replaces and harmonizes the EU’s long-standing bundle of national data privacy laws.
- The GDPR introduces a single framework that is directly applicable in all EU Member States; however, a number of national customizations remain possible.
- The GDPR contains the same six core data protection principles, but there are significant changes and additional requirements designed to protect EU citizens’ privacy. For example, the GDPR introduces certain enhanced rights for covered individuals, such as data portability rights.
To whom does the GDPR apply?
- Companies established in the EU that process personal information;
- Companies based outside the EU that offer goods or services directly to individuals in the EU (regardless of whether payment is required), or monitor the behavior of individuals in the EU (for instance, through customer profiling).
These statistics come from the European Commission (release date: January 2019):
- The average fine for companies is of € 70,000.00 for the year 2019
- 95,180 complaints to Data Protection Authorities (DPAs) from any individual who believe their rights under GDPR have been violated
- 41,502 data breaches notified by companies
Siodb and its commitment to privacy toward the GDRP
The right to be forgotten
One of the key issues of the GDPR is the right to be forgotten for which the decisive element is that it is no longer possible to discern personal data without disproportionate effort. Siodb exposes the Privacy API, which permits an individual to control the lifetime of its personal data directly within the database. Hence the Privacy API gives you a unique tool to respect the 17th article of the GDPR. Furthermore, Siodb only needs one backup copy which means a single synchronization of your backup propagates the effect of the Privacy API on backups. Hence, it is no longer needed to resync months or years of backups files to respect this GDPR concept as you would do with traditional database systems.
Privacy by design
The “Privacy by design” is of significant importance for the GDPR. The term “Privacy by design” means “data protection through technology design.” It refers to the thought that data protection is best adhered to when it is already integrated into the technology at the development time. Siodb provides to your customers “Privacy by design” for personal data because it has a storage structure made for privacy which has been coded within the Siodb algorithm from its creation.
Protection by default?
Data protection by default requires you to adopt a “privacy-first” approach with any default settings of systems and applications. The philosophy of Siodb is to provide you a database that by default will have parameters set to the most secure option. You don’t need to bother yourself with configuration. And you avoid misconfiguration. Because Siodb secures your data by default.
Encryption of your data
The General Data Protection Regulation states in its 32nd article that you must protect your customer’s data and therefore use encryption. Encryption can be though to implement in traditional database systems because it’s often a complex option you have to configure and maintain over time. Siodb encrypts your customers’ data by default. In the event of a GDPR audit, you should demonstrate that you implemented measures which the principles of data protection by default and data protection by default. Isn’t convenient to have the database doing that automatically by default for you?
The personal data retention period
The second point of the 25th article of the GDPR states that companies shall implement appropriate technical and organizational measures for ensuring that, by default, personal data must be kept only for the period which is necessary for each specific purpose of the processing are processed. What technique are you using to validate the retention period for personal data?
When you use the Privacy API from Siodb, you or your customers can set an expiration date on personal data. Whenever the retention period is over, a job in Siodb overwrites with random bits the personal data that shouldn’t be more in your information system. Then the destruction is propagated through every backups, standby, or distributed node of Siodb.
Should you need more information, please contact us and we’ll get back quickly to you.