Achieving GDPR compliance with SQL Server

Achieving GDPR compliance with SQL Server

Microsoft designed SQL Server and Azure SQL Database with industry-leading security measures and privacy policies to safeguard your data in the database, including the categories of personal data identified by the GDPR. Spanish Point implement built-in SQL security capabilities to help you on your journey to reducing risks and achieving compliance with the GDPR.

Controlling who has access to your database and managing how data is used and accessed is a critical requirement of the GDPR. SQL Server and Azure SQL Database provide controls for managing database access and authorization at several levels:

  • Azure SQL Database firewall limits access to individual databases within your Azure SQL Database server by restricting access exclusively to authorized connections. You can create firewall rules at the server and database levels, specifying IP ranges that are approved to connect.
  • SQL Server authentication helps you ensure that only authorized users with valid credentials can access your database server. SQL Server supports both Windows authentication and SQL Server logins. Windows authentication offers integrated security, and is recommended as the more secure option, where the authentication process is entirely encrypted. Azure SQL Database supports Azure Active Directory authentication, which offers a single sign-on capability and is supported for managed and integrated domains.
  • SQL Server authorization enables you to manage permissions according to the principle of least privilege. SQL Server and SQL Database use role-based security, which supports granular control of data permissions via the management of role memberships and object-level permissions.
  • Dynamic data masking (DDM) is a built-in capability that can be used to limit sensitive data exposure by masking the data when accessed by non-privileged users or applications. Designated data fields are masked in query results on the fly while the data in the database remains unchanged. DDM is simple to configure and requires no changes to the application. For users of Azure SQL Database, dynamic data masking can automatically discover potentially sensitive data and suggest the appropriate masks to be applied.
  • Row-level security (RLS) is an additional built-in capability that enables SQL Server and SQL Database customers to implement restrictions on data row access. RLS can be used to enable fine-grained access over rows in a database table, for greater control over which users can access which data. Because the access restriction logic is in the database tier, this capability greatly simplifies the design and implementation of application security.

Download (13)

Another core requirement of the GDPR is protecting personal data against security threats. Spanish Point implement SQL Server and SQL Database to provide a powerful set of built-in capabilities that safeguard data and identify when a data breach occurs:

  • Transparent data encryption protects data at rest by encrypting the database, associated backups, and transaction log files at the physical storage layer. This encryption is transparent to the application, and uses hardware acceleration to improve performance.
  • Transport Layer Security (TLS) provides protection of data in transit on SQL Database connections.
  • Always Encrypted is an industry-first feature that is designed to protect highly sensitive data in SQL. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the database engine. The mechanism is transparent to applications, as encryption and decryption of data is done transparently in an Always Encrypted–enabled client driver.
  • Auditing for SQL Database and SQL Server audit track database events and write them to an audit log. Auditing enables you to understand ongoing database activities, as well as analyze and investigate historical activity to identify potential threats or suspected abuse and security violations.
  • SQL Database Threat Detection detects anomalous database activities indicating potential security threats to the database. Threat Detection uses an advanced set of algorithms to continuously learn and profile application behavior, and notifies immediately upon detection of an unusual or suspicious activity. Threat Detection can help you meet the data breach notification requirement of the GDPR.

For more information about using SQL Server/Azure SQL Database to become GDPR compliant Contact us here