The upcoming enforcement of the European General Data Protection Regulation (GDPR) means that your organization more likely than not needs to change how it handles personal data, and how your team handles breaches and incident response. We’re a company of developers, and know how it feels to have to sift through hundreds of pages of legal jargon to figure out the changes you really need to make to achieve DevOps GDPR compliance for your organization.
In this article we’re going to focus on what’s important: an overview of the regulation, the key terminology you’ll see, what matters to your team, and other resources you can use to learn more. In future posts we’ll be going through Sysdig Secure and how you can use it to detect intrusions, block attacks, and run deep forensics in GDPR-specific scenarios.
GDPR explained for DevOps Engineers
The European General Data Protection Regulation (GDPR) is a regulation meant to unify and strengthen data protection for all members of the EU. Or, as http://www.eugdpr.org/ puts it, “it’s the most important change in data privacy regulation in 20 years.”
Who does this affect?
GDPR requirements apply to any organization doing business in the EU or that processes personal data originating in the EU, be it the data of residents or visitors. (Yes, that includes companies headquartered outside the EU that collect data originating in the EU from EU citizens)
GDPR Key Terms
**Data Processor** – This is a “person, public authority, agency or any other body which processes personal data on behalf of the controller.”
Example: A billing company processing customer payments on behalf of the Cellular Service company is the Processor.
**Data Controller** – This is a “person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”
Example: A Cellular Service Provider collecting personal information from its customers is the Controller.
**Regulation vs Directive** – A regulation is a legal act of the European Union that becomes immediately enforceable as law in all member states simultaneously. Regulations can be distinguished from directives which, at least in principle, need to be transposed into national law.
GDPR DevOps FAQ
**What is personal data?** – Anything that can be used to directly or indirectly identify a person.
Do I need a Data Protection Officer (DPO)?
Yes, if you:
What are the penalties for not complying with GDPR regulations?
What do you need to know about handling breaches?
Resources for GDPR Compliance Initiatives
**How Sysdig Secure helps with your GDPR compliance initiatives**
We’ll be covering GDPR specific use cases in following posts, but there are two main areas that Sysdig Secure will address out of the box to make sure you’re confident on May 25th, 2018.
Contact us here if you’d like to learn more about how we can help with your GDPR compliance initiatives.