What is General Data Protection Regulation (GDPR)?
In a world of intellectual property theft, data breaches, and other cybercrimes, governments are creating regulations that require companies to take appropriate care when handling confidential personal data. The European Union's (EU) General Data Protection Regulation (GDPR) is a new, sweeping regulation that compels businesses to lock down sensitive customer information such as names, email addresses, or payment information.
The GDPR, which becomes law in 2018, sets strict limits on any business that collects, uses, or shares data from European citizens, encompassing firms based both inside and outside of the EU. Businesses that fail to implement appropriate data protective measures will face harsh penalties, including fines as great as 4% of global revenue--enough to jeopardize ongoing European operations for any corporation selling within the EU.
Data Masking and GDPR
To comply with the EU GDPR, firms must implement technical and organizational measures to secure personal information. More specifically, GDPR creates a strong imperative for companies to reevaluate how they store, manage, and protect data in on-premises data centers and cloud environments.
While stopping short of explicitly recommending specific solutions, GDPR urges businesses to consider technologies used to anonymize customer data. One such technology is data masking, an approach that transforms sensitive data values into fictitious, but realistic equivalents. Data masking de-identifies data to support GDPR compliance, but also preserves the format and consistency of the resulting data so that it remains valuable to operational analysts, software developers, or test engineers.
Data masking has become the de facto standard for protecting non-production data–data that resides in environments for development, testing, and reporting. Thus, it is critical in achieving EU GDPR compliance for non-production environments that often contain over 90% a firm's sensitive data.
Delphix Data Masking for GDPR Compliance
To make data masking for GDPR practical and effective, businesses must not only mask sensitive data, but also implement a solution for quickly delivering masked data to downstream environments. Legacy approaches to data masking are manual and resource-intensive, involving coordination across multiple teams that slows data delivery and limits masking coverage.
Delphix, however, seamlessly combines data masking with data virtualization technology to address the secure data delivery challenge head-on while complying with GDPR. With Delphix, firms can efficiently and automatically mask sensitive data, then deliver that secure data to downstream environments in just minutes, via self service.