Pete Finnigan's Oracle Security Weblog

I wrote a short blog post last week regarding GDPR and the Oracle database and discussed at a high level the main articles that could affect your security plans for an Oracle database.

As I said last week GDPR Speaksto users of Oracle that data security matters, data security should be by default and data security should be always enabled. It also Speaks of the need to have useful and usable audit trails so that if you are breached; ideally you know straight away and either block it and stop it or stop it and react as close to the event as possible BUT if you have decent audit trails you can know how the breach happened and how the attacker got in and of course plug the gaps.

If you have a good data security regime and have planned and implemented it and you have found all important (in the case of GDPR PII) data and protected it with pseudonymisation or encryption then the impact should be less - I am not the ICO or a lawyer so cannot speak for them BUT for sure if you don't have data security or an audit trail or encryption and don't know where your data is and record how its accessed and used (audit trails) then you will have a big problem with GDPR

I did a talk a couple of times in the past about GDPR and Oracle and the slides are here - GDPR for the Oracle DBA.

#oracleace #23c #dbsec #oracle #database #security #gdpr