by Christina Yue, Customer Learning Manager |

The countdown started on April 2016 and the final day is almost here. The European Union (EU) General Data Protection Regulation (GDPR) takes effect May 25. Oracle Cloud Applications customers have an advantage. The technology company has been actively helping its clients meet the challenging new requirements of GDPR for managing processes, people and technical controls. To help organizations understand exactly how to utilize Oracle Cloud Applications in order to help them comply with certain EU General Data Protection Regulation requirements, Oracle created the white paper, Accelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications. But time is short. Catch up quickly with this summary or you can read the entire document here.

GDPR will apply broadly to any company that collects and handles personal data from EU-based individuals. Individual rights have increased and strengthened. As a result, companies collecting and handling personal data – both online and offline- in the EU, will receive more scrutiny by regulators and be required to meet standards.

GDPR places a great deal of importance on individuals’ privacy rights. Through the GDPR, individuals have the right to rectify personal data that is inaccurate, to have incomplete personal data completed, and to have their own personal data erased promptly. Moreover, “individuals” refers not only to direct customers but also to a company’s employees, suppliers and website users.

Oracle Cloud Applications provide a range of capabilities to help organizations update personal data records on an ad hoc basis, e.g., following an access and rectification request, or through automated means for customers to make changes directly to their data. Depending on your businesses requirements and your use of Oracle Cloud Applications offerings, you may choose to leverage a combination of intuitive wizards, preference centers and other native features to manage personal data at scale.

Because of GDPR, individuals now have the right to receive a copy of their personal data and may even obtain and reuse their data for their own purposes across different services. Oracle Cloud Applications have developed open platforms to help Cloud customers export personal data at scale. Depending on the Cloud services you have ordered, you may have access to a comprehensive suite of extensibility features to help facilitate and secure scalable personal data transmissions.

GDPR requires organizations that handle personal data to implement technical and organizational measures to ensure an appropriate level of security. Measures should consider the costs of implementation, scope, the purpose of processing, as well as the actual risk and likelihood of a potential breach. To help secure the data organizations are handling and, by extension, help mitigate the potential risk of a personal data breach, it is suggested organizations consider the following security controls and processes:

• Pseudonymization and Encryption of Personal Data
• Ensure ongoing confidentiality, integrity, availability, and resilience of processing systems
• Control who may access the personal data
• Restore availability and access to personal data in the event of a physical or technical incident
• Regular testing, assessments and evaluation of security measures

Oracle Cloud Applications provide state of the art data security mechanisms and controls derived from generally accepted ‘privacy by design and privacy by default’ principles. Oracle Cloud Applications have deployed Oracle’s standard Transparent Data Encryption across key areas of infrastructure to secure personal data, with encryption keys stored in password-protected containers in accordance with accepted industry security standards. Customers may also choose to hash identifiers to pseudonymize personal data, as well as encrypt data in transit between a user’s browser and a web server leveraging TLS.

To help enforce authorized access to personal data, Oracle Cloud Applications provide the ability for organizations to implement and configure granular access controls. Organizations, then, can distinguish which individuals or groups should have access to personal data. Advanced User Management can help define specific user roles and groups which can be assigned to pre-defined permissions across Oracle Cloud Applications. In addition, Single Sign-On (SSO), Secured User Access, and IP Whitelisting mechanisms may also be used as an additional layer of protection to prevent unauthorized access to personal data based on your business and legal needs.

Oracle is committed to helping Cloud Applications customers address their GDPR needs and to providing easy-to-use tools and transparent controls that can be leveraged by customers towards this goal. As you are challenged with operating in an ever-changing regulatory landscape, you can count on Oracle to help you accelerate your response to the EU General Data Protection Regulation.