Hello, How are other customers preparing for GDPR compliance. I have gone through the GDPR text and am constantly confused by its applicability to Non-EU organizations. not looking for legal advice but given the ambiguity and inevitable need to adapt to whatever GDPR brings, I'm interested in the architecture approach. Any insights on this topic will be incredibly helpful.
Yes, the May 2018 deadline looms along with the impacts. Depending on your particular industry and circumstances, the game plan may vary. At a high level, the ‘General Data Protection Regulation’ is about protecting personal data location, how it’s stored and controlled (see the EU's GDPR website).
Controls and accountability regulations are fairly granular to the country level. Because of this, you need to know where any personal data is stored, which may or may not exclude storing it in public cloud, depending on the location guarantees you can get from Public Cloud providers. You may need a private storage that is collocated to make it easier for programs running in cloud to compute (not keep the data). The colocation allows to lock the data down. Example - if someone from the outside the country (cloud or internet) wants to access the data, they can’t because the policy controls are locally enforced.
I hope this helps as a first pass, let me know if you want to dive deeper on a topic.
thanks for the reply. What are the most common areas of risk and ways to address? can you point to specific docs or resources that explains/illustrates what you wrote?
Considering the content we have on IOAKB, I suggest taking a look at the Security and Data blueprints:
Security Blueprint - the entire security blueprint is focused on creating a zero trust boundary and inspection zone at the digital edge, which is the interconnection control point for clouds, partners and user.
Data Blueprint -the data blueprint assumes and therefore leverages the design patterns delineated in the security blueprint
Please let me know if you need more guidance on this content. And best of luck with GDPR!
Choose a location
There are no forums in this space.