Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Forthcoming EU Data Protection Law
How Oracle can Help
Patrick McLaughlin
Security Architect & Oracle Fellow
EMEA Technology Solutions
22 October 2015, Riga
Agenda
What is it?
What does it contain?
How Oracle can Help?
Oracle Confidential
Currently...
Single EU Directive (Directive 95/46/EC) has not prevented fragmentation in the way Data Protection is implemented
Outdated: Not prepared for the Cloud, Big Data & Social
Tough to be competitive in a market where compliance is not streamlined
EU Global Data Protection Regulation
Aims
Improve business opportunities by facilitating the free flow of personal data in the digital single market
Enhance data protection
EU Global Data Protection Regulation
Regulation not a Directive
Immediate effect on 28 EU members after 2 year transition period
Does not require any enabling legislation to be passed by governments
Extends the scope to all foreign companies processing data of EU residents
Unify Data Protection within the EU with a single law
Relevant
Who should care?
Why should you care?
Administrative Sanctions
€250,000 or 0.5%
€500,000 or 1%
€1,000,000,000 or 5%
- Lack of response to a data subject in a timely fashion
- Doesn’t provide requested information to a data subject or fails to rectify or erase
- Fails to comply or processes data within legal basis.
- Doesn’t notify of a breach
Agenda
Why is EU DP important for you now?
What does it contain?
How Oracle can Help?
Summary of Key Points
Data Protection Office
Data Protection by Design and Default
Data Breach Notification
Extending Security Controls
Benefits for Citizens
Right to be forgotten
Easier access to your own data
Decide how your data is used
Right to know you have been hacked
Data Protection
Benefits for Businesses
Level playing field
One-stop shop
Strong enforcement powers
Where Oracle Can Help
DB Security Options:
• Enforce fine-grained access control
• Enable accountability and segregation of duties
• Protect data
• Analyze and prevent internal / external attacks
• And more ... efficiently
Identity and Access Management:
• Automate user management
• Prevent illicit access and fraud
• Report, audit and demonstrate compliance
• Protect devices, applications and SOA
• Control privileged accounts
• And more ... efficiently
Evaluate Security Risks
Discover Sensitive Data
Scan Security Configuration
Role & Privilege Analysis
Prevent Attacks from Succeeding
[Diagram labels: Data Encryption, Key Vault; DB Controls, Privileged Users, Access denied “Insufficient Privilege”; Data Redaction, Applications, Users (ssn:xxx-xx-4321, dob:xx/xx/xxxx); Data Subsetting (Region, Year, Size-based); Data Masking, Dev/Test, Partners, BI (ssn:423-55-3571, dob: 12/01/1987)]
Detect Breaches Quickly
[Diagram labels: Users, Applications, Database Firewall, Network Events, Audit Data, Event Logs, Audit Vault, Policies, Reports, Alerts, SYBASE]
Defense-in-Depth Security Controls
PREVENT: Masking & Subsetting; DBA & Operational Controls; Encryption & Redaction
EVALUATE: Sensitive Data Discovery; Least Privilege Use; Security Configuration
DETECT: Auditing; Activity Monitoring; Alerting & Reporting
Where Oracle Can Help
A team of dedicated security professionals with unrivalled experience in helping our customers to secure their Oracle infrastructure to meet the legislative and regulatory requirements of their industries.
Architecture Services – Understand an Organisation’s current security position and define a roadmap to implement appropriate data controls
Rapid Starts – Accelerate deployment of key technologies
Implementation Services – Leverage solution best practices and technical expertise to maximise the return on investment
Follow developments across EU