The GDPR (General Data Protection Regulation) goes into effect on May 25, 2018 all over the European Union, replacing the 1995 EU Data Protection Directive. In a nutshell, GDPR seeks to strengthening the rights of EU citizens by giving them more control over how organizations use their personal data.
In this guide we’ll look at the key requirements to meet GDPR obligations and how 4D can help you get ready for this regulation.
4D provides you with all the necessary tools to help you develop a strategy to achieve GDPR compliance! To help you build your GDPR strategy, 4D has published a developer-centric white paper, providing you with all the information required to have a good understanding of the regulation and what it means for your applications, in your specific context. It’ll be your core material for achieving the initial GDPR strategy planning. This white paper can serve as a basic support to initiate your GDPR compliance, but you’ll need to adapt it to your business specificities and especially, the nature of your data.
As the new GDPR requirements become a reality, you neet to be aware of the security needs related to personal information handling. Here are the key requirements to note:
Discover and manage sensitive data
1- Mapping your flows
The first step is to locate the systems storing sensitive data and identify which data qualifies as personal data according to GDPR.
2- management of access rights
Once the discovery phase is completed, you’ll need to understand and limit which personal data is accessed, and by whom.
An appropriate level of security must be implemented, on both the technical and organizational levels, to prevent data loss, information leaks, or other unauthorized data access. Think encryption, hashing, and integrity checking, to name a few.
Individuals have a set of data protection rights, including the right to data portability, the right to be forgotten, and the right to not be subject to automated decision-making, including profiling.
GDPR has clear articles about when and how to announce a personal data breach to regulators and/or impacted individuals. You should make sure you have the right procedures in place to detect, report, and investigate a personal data breach.
How 4D can help you?
4D is committed to complying with GDPR, across all the features we provide: from role-based data access, a robust authentication and password management system, to backups in case of disaster, and encryption of data in transit! All this and more are detailed in our Security Guide.
Even though this list is by no means exhaustive, it shows the kind of features that you can implement to comply with GDPR:
- An authentication system and the ability to control data access, allowing you to verify the identity of the person requesting access.
- Hashing functions to store a password hash, as well as making sure the stored hash matches the given password. These features help you meet another GDPR requirement, which is the ability to ensure ongoing confidentiality and integrity.
- Data encryption to secure sensitive data and keep it private.
- In 4D, you can easily export your data in a structured and machine-readable format: text, XML, and JSON. This feature fulfills the data portability requirement which is a key element of individuals’ rights.
- 4D Server communications to 4D Clients can be encrypted by simply enabling a check box and 4D will use an internal TLS certificate. This gives you the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing, as requested by the GDPR.
- 4D provides an out-of-the-box transaction-based log system. Every data modification operation is logged and can be rolled back if necessary. In the case of an interruption, the database is automatically reviewed upon restarting. Even in the case of total data corruption (i.e. bad disk, etc.). This feature helps you to comply with the GDPR requirement: “Security of processing“, which states the ability to “restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.”
- 4D allows you to keep an eye on your server by retrieving detailed information about your 4D Web Server, as well as a list of connected users and running processes. This way, you’re aware of what’s going in case of a data breach, for example.
We strongly recommend taking some time to read the GDPR. In the next phase, we’ll provide you with more materials to help you understand the requirements mandated by the General Data Protection Regulation, and 4D best practices to help you meet them! Stay tuned!