Implementation Of GDPR With SQL Server And Azure SQL Database

  • Brief about GDPR and its constituent articles
  • SQL Server / Azure Database GDPR Ready Features
  • SSMS: Data Discovery and Classification
  • Challenges


General Data Protection Regulation (GPPR) is a regulation on privacy and data protection in the European Union which addresses personal data’s transfer across and outside European Union (EU) and European Economic Area (EEA). In May 2018, all EU started to implement a new General Data Protecting regulation to protect the right to private life as a universal human right, the right to have one’s personal data safeguarded as a distinct, standalone universal human right. It is a positive step for users which safeguard the data of the users but could be challenging for the vendors to design, develop and maintain the secure system.

GDPR Article 25 — Data Protection by Design and Default

This article of the GDPR states that the controller is supposed to take the necessary organizational and technical measures to ensure that by default the data of users is protected and are not made accessible without the consent of the individual. We can control about the access to the personal data of users and way the data is processed, stored and accessed in the future.

  • Use Authentication in SQL Server (Windows and Mixed Mode )
  • Azure Active Directory Authentication
  • Object Level Permissions
  • Role-Based Security
  • Firewall (Azure SQL Database)
  • Dynamic Data Masking

GDPR Article 30 — Records of processing activities

This article 30 states that each controller and the representative of the controller is supposed to maintain the records of all the processes and activities as their responsibility such as the purposes of the processes, any disclosure of personal data and so on.

  • Auditing (Azure SQL Database)
  • SQL Server Audit

GDPR Article 32 — Security of processing

Article 32 of GDPR directs the importance of all data security and processing with pseudonymization and encryption of the data of the users, regular testing, evaluation and assessing to measure the effectiveness to ensure the security of the data.

  • Row Level Security (RLS)
  • Trasport Layer Security (TLS)
  • Transparent Data Encryption (TDE)
  • Always Encrypted
  • SQL Server AlwaysOn
  • Point-in-Time Restore (Azure SQL Database)
  • Long-Term Retention (Azure SQL Database)
  • Active Geo-Replication(Azure SQL Database):
  • You can read more about Active Geo-Replication from our last article, Azure SQL Database: Business Continuity and Disaster Recovery
  • Anonymization or Pseudonymization: Pseudonymization refers the process of replacing the information on an individual in the data such that it can be used as a pseudonym to identify the person but at the same time won’t allow the individual to be identified directly. Anonymized on the other hand can be defined as the data when the individual cannot be identified.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store