What you and your customers need to know about MySQL, security and GDPR
Aid your customer’s GDPR compliance with these tips on database security.
With General Data Protection Regulation (GDPR)* due to take effect on May 25th 2018, your customers need to be GDPR ready. With fines of up to 4% of annual revenue or £17m, whichever is the smaller, it is not a regulation that should be ignored. So why are so many businesses yet to take action on GDPR? Confusion caused by Brexit is one of the reasons, but the fact of the matter is that from May 25th 2018, companies may be fined for non-compliance.
What GDPR covers
As your customer’s technology provider, it’s important to discuss GDPR readiness with them. In this article, we provide some tips on database security areas to discuss with customers to aid compliance. But first, some fundamentals to bear in mind.
The main focus areas of GDPR are:
- Establishing data privacy as a fundamental right.
- Responsibility for data protection — anyone processing the personal data of an individual in the EU is required to be compliant with data protection regulations.
- Data Protection principles must be established, including assessment, prevention and detection.
- Enforcing compliance, with very severe fines for businesses that fail to comply.
In order to be compliant, companies have 72 hours after learning of a data breach to send a data breach notification to their national regulator.
Assessing your customer’s readiness
When talking to your client, it is advisable to cover the areas above, and in particular to check:
- Are they familiar with GDPR?
- Are they preparing a GDPR plan?
- Have they conducted a gap analysis of where they are currently in relation to GDPR readiness?
- Have they appointed a Data Protection Officer and Data Controller, and if not, what is their plan in this area?
There are many areas to evaluate, analyse, test and plan for in relation to GDPR, and this is where you can provide strong value to your client.
Why your customers need MySQL
You need to prioritise conversations around your customer’s network infrastructure security. Companies typically have multiple layers of security surrounding the network and the database, through firewalls, intrusion detection systems and network segmentation. This complexity often leads to the company’s perception that its data is well protected.
As their technology provider, you need to highlight to customers that there are many failure points in relation to a database itself, particularly with access controls, that perimeter defences do not address. MySQL Enterprise Edition provides security features that apply controls in a best-practice manner, as close to the data as possible:
- Fine-grained auditing.
- Transparent data encryption.
- User authentication.
- Advanced encryption.
- Database firewall.
In speaking to your customers, there is a good chance that at least one of these features has been overlooked in their MySQL environment, and that your customer lacks the knowledge and skills in that area. This provides a good opportunity for you and them to appraise their MySQL database strategy and plans in relation to GDPR, and also to have a broader discussion about how your company can help their journey towards GDPR readiness.
* The UK legislation is known as the UK Protection Bill.