17 Sep 2019 0 minutes to read Contributors
The one-year anniversary of the introduction of GDPR is 25 May 2019. The new regulations generated vast amounts of publicity. You’ll no doubt remember being bombarded with GDPR-related emails.
According to the European Data Protection Board (EDPB), there were over 200,000 reported cases of GDPR breaches in the first nine months. It seems that many businesses are still neglecting GDPR. Yet, by failing to comply, they risk large fines and reputational damage.
As yet, there’s little hard evidence but anecdotally it seems that for many organizations the issue is not one of willful non-compliance. Rather, there is simply a huge amount of confusion about how to navigate the vast web of rules and regulations. The weight of GDPR communication may simply have resulted in managers switching off, instead of putting practical procedures in place to meet the new obligations.
That is a huge business risk. GDPR is not going away and every business needs to be continually reassessing its GDPR responsibilities and safeguarding policies. But, what actions are you taking?
One practical solution, data masking, helps make you GDPR compliant in three important ways:
Data masking helps you to protect, anonymize and safeguard personal and sensitive information. That’s why it is frequently used for bank account or credit card details, phone numbers and health and social security details. It means that, in the event of a data breach, no Personally Identifiable Information (PII) is visible. You can also set additional security access rules within your organization.
Convincing the data protection authorities that you are GDPR compliant is one thing, but how will you reassure your customers? One aspect of GDPR that many companies are unaware of is Right of Access or Subject Access Requests (SAR). This is where customers can ask companies what data they hold and what they’re using their data for.
Organizations are obliged to comply with these requests. Including your data masking policy sends a strong signal to your customers that you take their data protection seriously. This also applies to your suppliers and business partners across the supply chain. They will need to see evidence that you are doing everything possible to keep your data secure and minimize risk.
Another key area in which data masking is increasingly important is DevOps. Your developers, whether they are internal or outsourced to a third party, rely heavily on fictitious sets of data that look and behave like the real thing. Data masking allows you to use your own customers’ data for testing, while maintaining security and minimizing delays to DevOps across your organization.
GDPR compliance is a complex and on-going process. And, data masking will not solve everything. It is a bit like taking out fire insurance; it won’t prevent the fire and you still need a sensible fire safety strategy in place.
But, when you consider the severity of non-compliance (fines of up to €20million and long-term damage to your brand) implementing data masking is a small price to pay. More and more IT managers are finding that dynamic, real time data masking is an essential part of their GDPR strategy.
Visit https://www.sqltreeo.com to find out how we can automate data masking across multiple databases and help you with your GDPR compliance.