With the May 25th deadline looming closer, it’s easy to find resources on the topic of the EU’s General Data Protection Regulation and what it will mean for organizations around the globe. In fact, a search query now yields so many results that it becomes overwhelming trying to sort through them all; some facts are repeated over and over, while other questions seem to go unanswered no matter how you search for them.
As a follow-up to our conversation on GDPR and what it means for IT Managers, here’s a list of the best resources to help you learn more and prepare for enforcement:
5 Must-Reads on GDPR for IT Managers
- The GDPR official site
Arguably the most important resource of all, you need to know about it because it highlights the key changes with this new legislation as compared to its precursor, the Data Protection Directive of 1995. There’s also a section for FAQs, a library of published articles, and more, all of which is presented in a very approachable and understandable format.
- The National Law Review on GDPR preparation
This article offers a great summary of the GDPR’s key requirements, advice on where to start, and a very helpful compliance checklist that’s broken down into steps based on the key topics of GDPR such as data processing, data storage, data transfers, and more.
- Microsoft’s Security Blog on addressing GDPR within their SQL platform
For organizations using SQL Server, this is a great guide to managing cloud-based or on-premises databases, how to handle and protect data, and security of data processing. They’re offering a few different resources here, including a free whitepaper filled with insights and technical guidance on reaching compliance within your IT infrastructure. We also recommend that you check out Microsoft's Compliance Manager tool, designed to connect technology solutions with regulatory requirements.
- Oracle’s Security Solutions page on GDPR
This page is filled with content that spans from newsletters to eBooks, customer success stories, webcasts, and analyst research, to name just a few. One of its most distinctive items is the free Database Security Assessment tool, which helps identify areas where your database configuration, operation, or implementation poses a risk and then recommends changes to reduce those risks.
- Complete list of GDPR Articles and Recitals
Often, you’ll see article or recital numbers listed when you’re reading through GDPR features; when in doubt about a particular topic of the GDPR, this guide is easy to navigate as it has been broken down by chapters, covering general provisions, principles, rights of the data subject, controller and processor, transfers of personal data, and more.
Next steps for GDPR preparation in IT
If your company is located in the EU, or holds and/or monitors the personal data of anyone in the EU (regardless of your business’s physical location), then you must be in compliance with GDPR regulations by May 25th, 2018, or else you could be faced with fines up to €20,000,000. As we discussed in our guide to GDPR for IT Managers, one of the most critical areas you’ll need to think about is your database; if you’re still using a transactional database, you’re not going to meet the GDPR’s security requirements.
While the clock is ticking fast, there is still time for you to make the change from an older, indexed sequential access method (ISAM) database like DataFlex or Btrieve to a more robust SQL database system which offers additional data protection layers.
Disclaimer: This information is not legal advice for your company to use in complying with the EU’s data privacy law, the General Data Protection Regulation. Instead, it provides information to help you understand your options for moving your existing application to a SQL database, which offers a data protection layer not found in transactional databases, such as Btrieve or DataFlex. In summary, we insist you consult an attorney for advice on interpreting GDPR requirements or for particular legal advice.