I have successfully implemented a GDPR compliance for my client recently and my main objective was how do I store data securely to compliance with GDPR. This was a new experience for me and I wanted to help as many as possible. Therefore, I have created a small video as well as a diagram to explain it in the detail. Hope you will enjoy watching, like and share it.
It is essential that all the sensitive information which identifies an individual should be handle with care and stored securely and encrypted. And to read it correctly you need to decrypt it and serve it. This might look like an overkill for that but when it comes to security in the mind or data controller or processor, you have to do everything possible and maintain balance to it.
How can I store my data securely to make compliance with GDPR ?
There are two different databases as you can see from above diagram named A and B. Database A stores sensitive data and it needs to be encrypted to secure it. Now in the database B we could have tables like Transaction and Log which may hold information about references to data in database A and encryption key and operations etc.
Only these two store procedures have access to those databases and it contains read and write functionality as well as logic for encryption and decryption.
Also this two stored procedures are exposed to call by microservices named Read Data, Write Data. This could be done at each independent table or database to separate the core functionality. And this is a kind of architecture which allows to manage each components to maintain it separately and reduce overhead. This approach will allow to build data stored which are compliance and less likely to be pawned or in case of breach which in these case highly unlikely as each functionality can be in different environment and not depend on anything that is not out side secure or close environment. This is very crucial to understand in term of maintenance.
Pros:
- Very easy to implement and can deploy it.
- Each component may have unit test.
- High resilience and cohesive.
Cons:
- Initial setup required configuration
- Maintenance.
If you have any questions related to GDPR or SQL data and need my consultancy then you can contact me as follow
I am always happy to help others. Feel free to reach out.
Happy Coding.
Ravi