On June 5, 2013, Edward Snowden leaked confidential NSA documents that revealed how the NSA was harvesting data from millions of Americans. The way the world views data privacy has changed ever since. Snowden’s revelation happened just five years ago, and the landscape of data privacy will continue to change within the next five years and for long after. A recent presentation from Rani Urbas and Monika Thakur from Oracle covered the struggle between innovation and data security, how GDPR factors in, and how Oracle is protecting your data in the Cloud.
Protect Enterprise Data: Innovation vs. Security
One common struggle is finding ways to accelerate innovation while still satisfying all of the stakeholders. If you’re implementing Cloud, it’s important to balance getting the full value out of it while still being mindful of data privacy regulations. You want to make sure that any data you have that can personally identify an employee, customer or vendor is completely and securely locked down. However, if you’re always concerned about GDPR and data protection, your instinct is going to tell you to lock things down and restrict access.
The best part of buying into an Oracle Cloud service is having your users log in, put in data and get business value out of it. If you restrict them from using the system, they will never benefit from it. The safest and cleanest car is the one that gets left in the garage and never gets driven around, but there’s no fun or point to that! Innovation and data privacy need to coexist with each other instead of competing against each other.
General Data Protection Regulation (GDPR)
GDPR was created as a result of Snowden’s release of confidential documents. It replaces the Data Protection Directive 95/46/EC. GDPR was designed to harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and reshape the way organizations across the region approach data privacy.
Many like to think that GDPR only affects Europe, but businesses in the United States work with partners and vendors in Europe all the time. Companies and regulations have a global reach, and it would be naïve to think that something only affects one area anymore. It’s important to understand what is happening in the world of compliance and data privacy and then take appropriate measures in your organization.
GDPR Key Themes
The two key themes of GDPR are to manage and protect personal data. To break it down, managing personal data deals with the data subject’s rights, like the right to rectify personal information, the right to erasure (also known as the right to be forgotten) and the right to data portability. Protecting personal data deals more with the “how,” like the security of processing, encryption, pseudonymization and the testing and evaluation of security measures.
Oracle’s Responsibility as a Data Processor
When it comes to GDPR, responsibilities are broken down between you, your employees and Oracle. You are the data controller, your employees are the data subjects, and Oracle is the data processor. GDPR is a joint responsibility, and all parties must work together to comply.
As the data processor, Oracle assists customers in complying with their obligations as data controllers. Oracle will also report data breaches without undue delay and will assist customers in handling data subject access requests. Customers are in control of their own data and determine how it is handled.
To learn more about what Oracle is doing about data awareness and protection in the Cloud, check out the full presentation below.