The new European Union (EU) data protection regulation is coming in May. Read our white paper to find out how you can accelerate your response to the new requirements.
The EU General Data Protection Regulation (GDPR) is set to take effect on May 25, 2018. This new regulation broadly affects all organizations, government agencies, and companies throughout the world that collect or use personal data tied to EU residents.
Under GDPR, there are stronger responsibilities for both data controllers and data processors. Cloud customers who collect and process personal data from individuals are "data controllers." A cloud provider, such as Oracle, typically has the role of a "data processor" who processes personal data on behalf of the data controller.
As the new GDPR requirements become a reality, organizations using cloud applications worldwide should be aware of their data privacy and security needs relating to their collection and handling of personal information. Here are four key requirements we are highlighting:
Organizations must implement an appropriate level of security—encompassing both technical and organizational security controls—to prevent data loss, information leaks, or other unauthorized data processing operations. GDPR encourages companies to incorporate encryption, incident management, network and system integrity, and availability and resilience requirements into their security program.
Individuals have greater control—and ultimately greater ownership of—their own data. They also have an extended set of data protection rights, including the right to data portability and the right to be forgotten.
Organizations will be expected to: document and maintain records of their security practices, audit the effectiveness of their security programs, and take corrective measures, where appropriate.
The GDPR has specific requirements about when and how cloud customers have to announce a personal data breach to their regulators and/or impacted individuals.
To understand and learn more about the GDPR, visit the EU GDPR webpage.
Oracle is committed to helping you develop a strategy to achieve GDPR security compliance. Oracle has more than 40 years of experience in the design and development of secure database management, data protection, and security solutions. Trusted globally, Oracle Cloud solutions have a proven track record, serving leading businesses in 175 countries. Oracle successfully manages critical business data for more than 25,000 SaaS customers throughout the world—across finance, HR, supply chain, and customer experience (CX)—on a daily basis.
Oracle Cloud Applications customers can take advantage of Oracle’s vast experience in the cloud. Over the years, Oracle has invested the resources and designed controls and processes to expertly develop and manage its applications, databases, servers, and infrastructure across the entire cloud technology stack. Oracle gives its customers a SaaS advantage by offering the most complete suite of cloud applications—designed to be secure at every layer—for the entire business. Oracle Cloud Applications can reduce risk and offer simplicity, with one set of policies and standards for your business processes. In a constantly changing regulatory landscape, Oracle Cloud Applications can help your organization address regulatory compliance more efficiently and easily.
Find out more about how Oracle Cloud Applications can help accelerate your GDPR readiness.
If you have additional data privacy and security needs beyond the standards and options built into software-as-a-service (SaaS) applications, or you use platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS), Oracle offers additional cloud security solutions and options. These solutions are designed to protect data, manage user identities, and monitor and audit IT environments. Oracle Cloud customers can also select additional Managed Security Services (MSS) to leverage Oracle expertise in deployment and security technology management to further accelerate your path to GDPR compliance.
|Oracle Product||Key Security Measures||IaaS||PaaS||Available as an MSS Option|
|Oracle Advanced Security|
|Transparently encrypt Oracle Database.||Protect Data||Yes*||Yes||Yes|
|Oracle Key Vault|
|Securely manage encryption key lifecycle.||Protect Data||Yes*||Yes*||Yes|
|Oracle Data Masking and Subsetting Pack|
|Anonymize production data in nonproduction environments.||Protect Data||Yes||Yes||Yes|
|Oracle Database Vault|
|Control privileged users access to the data in the database.||Access Control||Yes*||Yes||Yes|
|Oracle Identity Cloud Service|
|Manage identities from the cloud for hybrid access, authentication, authorization, provisioning, and single sign-on (SSO).||Access Control||Yes||Yes||Yes|
|Oracle Identity Governance|
|Manage the identity lifecycle, privileged users, identity analytics, and governance.||Access Control||Yes*||Yes*||Yes|
|Oracle Directory Services|
|Manage enterprise-grade users identity directories.||Access Control||Yes*||Yes*||Yes|
|Oracle Label Security|
|Allow individual data records to be labeled with metadata that describes the characteristic of the data and then enforces access based on those metadata rules.||Access Control||Yes*||Yes*||No|
|Oracle Audit Vault and Database Firewall|
|Centralized database security monitoring and alerting and reporting of anomalous activity management.||Monitor, Alert, and Audit||Yes*||Yes*||Yes|
|Oracle Security Monitoring and Analytics Cloud Service|
|Monitor security incidents across heterogeneous and cloud environments.||Monitor, Alert, and Audit||Yes||Yes||No|
|Oracle CASB Cloud Service|
|Discover unsanctioned cloud SaaS and implement consistent security policies across sanctioned IaaS/PaaS/SaaS environments.||Monitor, Alert, and Audit||Yes||Yes||Yes|
|Oracle Configuration and Compliance Cloud Service|
|Continuous security compliance, monitoring, and reporting for IT assets.||Monitor, Alert, and Audit||Yes||Yes||Yes|
|Additional Security Options||Key Security Measures||IaaS||PaaS||Available as a MSS Option|
|Oracle Managed Security Vulnerability Assessment Service for Oracle Technology Cloud|
|Conduct periodic security vulnerability assessments. Provide customer with reports of findings and remediation recommendations.||Assess and Monitor||Yes||Yes||Yes|
|Database Security Risk Assessment Service|
|Conduct in-depth Oracle Database security risk review. Provide customer with prioritized list of findings and remediation recommendations.||Assess and Monitor||Yes||Yes||Yes|
|Web Application Firewall with IP Intelligence|
|Protect web applications and data within from malicious attacks.||Prevent and Monitor||Yes||Yes||Yes|
*Respective Oracle product license is required to use this option.
Learn how Oracle Cloud Applications can help accelerate your response to the GDPR. Read the white paper.
For additional links on GDPR: