Learn more about about the latest GDPR requirements

Are You Ready for GDPR?

The new European Union (EU) data protection regulation is coming in May. Read our white paper to find out how you can accelerate your response to the new requirements.

 

What Is GDPR?

People on computer planning for the General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) is set to take effect on May 25, 2018. This new regulation broadly affects all organizations, government agencies, and companies throughout the world that collect or use personal data tied to EU residents.

Roles Under GDPR

Under GDPR, there are stronger responsibilities for both data controllers and data processors. Cloud customers who collect and process personal data from individuals are "data controllers." A cloud provider, such as Oracle, typically has the role of a "data processor" who processes personal data on behalf of the data controller.

Key GDPR Requirements for SaaS Customers

As the new GDPR requirements become a reality, organizations using cloud applications worldwide should be aware of their data privacy and security needs relating to their collection and handling of personal information. Here are four key requirements we are highlighting:

Data Security

Organizations must implement an appropriate level of security—encompassing both technical and organizational security controls—to prevent data loss, information leaks, or other unauthorized data processing operations. GDPR encourages companies to incorporate encryption, incident management, network and system integrity, and availability and resilience requirements into their security program.

Extended Rights of Individuals

Individuals have greater control—and ultimately greater ownership of—their own data. They also have an extended set of data protection rights, including the right to data portability and the right to be forgotten.

Documentation and Security Audits

Organizations will be expected to: document and maintain records of their security practices, audit the effectiveness of their security programs, and take corrective measures, where appropriate.

Data Breach Notification

The GDPR has specific requirements about when and how cloud customers have to announce a personal data breach to their regulators and/or impacted individuals.

To understand and learn more about the GDPR, visit the EU GDPR webpage.

Accelerate Your Path to GDPR Compliance with Oracle

Oracle is committed to helping you develop a strategy to achieve GDPR security compliance. Oracle has more than 40 years of experience in the design and development of secure database management, data protection, and security solutions. Trusted globally, Oracle Cloud solutions have a proven track record, serving leading businesses in 175 countries. Oracle successfully manages critical business data for more than 25,000 SaaS customers throughout the world—across finance, HR, supply chain, and customer experience (CX)—on a daily basis.

Oracle Cloud Applications customers can take advantage of Oracle’s vast experience in the cloud. Over the years, Oracle has invested the resources and designed controls and processes to expertly develop and manage its applications, databases, servers, and infrastructure across the entire cloud technology stack. Oracle gives its customers a SaaS advantage by offering the most complete suite of cloud applications—designed to be secure at every layer—for the entire business. Oracle Cloud Applications can reduce risk and offer simplicity, with one set of policies and standards for your business processes. In a constantly changing regulatory landscape, Oracle Cloud Applications can help your organization address regulatory compliance more efficiently and easily.

Find out more about how Oracle Cloud Applications can help accelerate your GDPR readiness.

Advanced Security Solutions and Options for SaaS, PaaS, and IaaS Customers to Help Accelerate Your Response to GDPR

If you have additional data privacy and security needs beyond the standards and options built into software-as-a-service (SaaS) applications, or you use platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS), Oracle offers additional cloud security solutions and options. These solutions are designed to protect data, manage user identities, and monitor and audit IT environments. Oracle Cloud customers can also select additional Managed Security Services (MSS) to leverage Oracle expertise in deployment and security technology management to further accelerate your path to GDPR compliance.

Oracle Product Key Security Measures IaaS PaaS Available as an MSS Option
Oracle Advanced Security        
Transparently encrypt Oracle Database. Protect Data Yes* Yes Yes
Oracle Key Vault        
Securely manage encryption key lifecycle. Protect Data Yes* Yes* Yes
Oracle Data Masking and Subsetting Pack        
Anonymize production data in nonproduction environments. Protect Data Yes Yes Yes
Oracle Database Vault        
Control privileged users access to the data in the database. Access Control Yes* Yes Yes
Oracle Identity Cloud Service        
Manage identities from the cloud for hybrid access, authentication, authorization, provisioning, and single sign-on (SSO). Access Control Yes Yes Yes
Oracle Identity Governance        
Manage the identity lifecycle, privileged users, identity analytics, and governance. Access Control Yes* Yes* Yes
Oracle Directory Services        
Manage enterprise-grade users identity directories. Access Control Yes* Yes* Yes
Oracle Label Security        
Allow individual data records to be labeled with metadata that describes the characteristic of the data and then enforces access based on those metadata rules. Access Control Yes* Yes* No
Oracle Audit Vault and Database Firewall        
Centralized database security monitoring and alerting and reporting of anomalous activity management. Monitor, Alert, and Audit Yes* Yes* Yes
Oracle Security Monitoring and Analytics Cloud Service        
Monitor security incidents across heterogeneous and cloud environments. Monitor, Alert, and Audit Yes Yes No
Oracle CASB Cloud Service        
Discover unsanctioned cloud SaaS and implement consistent security policies across sanctioned IaaS/PaaS/SaaS environments. Monitor, Alert, and Audit Yes Yes Yes
Oracle Configuration and Compliance Cloud Service        
Continuous security compliance, monitoring, and reporting for IT assets. Monitor, Alert, and Audit Yes Yes Yes

 

Additional Security Options Key Security Measures IaaS PaaS Available as a MSS Option
Oracle Managed Security Vulnerability Assessment Service for Oracle Technology Cloud        
Conduct periodic security vulnerability assessments. Provide customer with reports of findings and remediation recommendations. Assess and Monitor Yes Yes Yes
Database Security Risk Assessment Service        
Conduct in-depth Oracle Database security risk review. Provide customer with prioritized list of findings and remediation recommendations. Assess and Monitor Yes Yes Yes
Web Application Firewall with IP Intelligence        
Protect web applications and data within from malicious attacks. Prevent and Monitor Yes Yes Yes

 

*Respective Oracle product license is required to use this option.

Learn how Oracle Cloud Applications can help accelerate your response to the GDPR. Read the white paper.

For additional links on GDPR:


Get Started