Implementation Of GDPR With SQL Server And Azure SQL Database

GDPR was introduced to improve how the personal data of ordinary users is managed and protected. In an era when news of a data breach arrives every other day, GDPR sets guidelines that organizations in the EU and EEA are obliged to follow, closing a long-standing gap in legislation protecting users' data. However, it isn't easy for an individual organization to process data and provide the level of security the GDPR guidelines call for. Each organization needs to document where personal data is stored and apply GDPR to it. For systems in an early stage of development, it may be easier to identify the business processes and apply GDPR to them. Even so, it is a complex task, and many organizations look for a third-party solution to manage and control the security measures GDPR calls for. To meet this need, Azure SQL Database provides built-in mechanisms and tools that help a system become GDPR compliant. In this article, we dive deeper into various GDPR guidelines and the solutions Azure provides for them.

Topics covered in this article:

  • Brief about GDPR and its constituent articles
  • SQL Server / Azure Database GDPR Ready Features
  • SSMS: Data Discovery and Classification
  • Challenges


There have been hundreds and thousands of data breaches over the years. Some of these breaches and hacks have wiped out billions of records at some companies.

The following visualization from Data Breaches and Hacks shows the size of the impacts recorded by the data breaches annually.

Check out the Have I Been Pwned website to see whether your email address or phone number has been exposed in data breaches at companies whose services you have used.

GDPR Article 25 — Data Protection by Design and Default

  • Use Authentication in SQL Server (Windows and Mixed Mode)
  • Azure Active Directory Authentication
  • Object Level Permissions
  • Role-Based Security
  • Firewall (Azure SQL Database)
  • Dynamic Data Masking

GDPR Article 30 — Records of processing activities

This article covers auditing of all records and of the personal data processed in the application.

  • Auditing (Azure SQL Database)
  • SQL Server Audit

GDPR Article 32 — Security of processing

Data should be encrypted and pseudonymized. Some of the measures to take are as follows:

  • Row Level Security (RLS)
  • Transport Layer Security (TLS)
  • Transparent Data Encryption (TDE)
  • Always Encrypted
  • SQL Server AlwaysOn
  • Point-in-Time Restore (Azure SQL Database)
  • Long-Term Retention (Azure SQL Database)
  • Active Geo-Replication (Azure SQL Database): you can read more about Active Geo-Replication in our last article, Azure SQL Database: Business Continuity and Disaster Recovery
  • Anonymization or Pseudonymization: Pseudonymization is the process of replacing the information about an individual in the data with a pseudonym, so that the person's records can still be told apart by that pseudonym but the individual cannot be identified directly. Anonymized data, on the other hand, is data in which the individual cannot be identified.
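
The difference between pseudonymized and anonymized data, shown as an added T-SQL example that is not from the original article. The schema, table, role and view names and the sample rows are constructed, and the minimum group size of 5 is an assumed threshold.

```sql
-- Added example; every schema, table, role and view name here is hypothetical.
CREATE SCHEMA pii;
GO
CREATE SCHEMA analytics;
GO
-- Identifying data plus the pseudonym mapping, kept apart from analytics.
CREATE TABLE pii.Customer (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(256) NOT NULL,
    BirthDate  DATE NOT NULL,
    Pseudonym  UNIQUEIDENTIFIER NOT NULL DEFAULT NEWID() UNIQUE  -- random, not derived from the person
);
-- Pseudonymized data: rows are linkable per person but hold no direct identifier.
CREATE TABLE analytics.Purchase (
    Pseudonym   UNIQUEIDENTIFIER NOT NULL,
    PurchasedAt DATETIME2 NOT NULL,
    Amount      DECIMAL(10,2) NOT NULL
);
GO
-- Anonymized data: aggregates only, small groups suppressed (threshold is an assumption).
CREATE VIEW analytics.SpendByBirthDecade AS
SELECT (YEAR(c.BirthDate) / 10) * 10 AS BirthDecade,
       COUNT(DISTINCT c.CustomerId)  AS Customers,
       SUM(p.Amount)                 AS TotalSpend
FROM pii.Customer AS c
JOIN analytics.Purchase AS p ON p.Pseudonym = c.Pseudonym
GROUP BY (YEAR(c.BirthDate) / 10) * 10
HAVING COUNT(DISTINCT c.CustomerId) >= 5;
GO
-- Analysts may read the analytics schema only; nothing is granted on pii.
CREATE ROLE analyst;
GRANT SELECT ON SCHEMA::analytics TO analyst;
GO
-- Constructed sample rows.
INSERT INTO pii.Customer (FullName, Email, BirthDate)
VALUES (N'Alice Example', N'alice@example.com', '1984-03-12'),
       (N'Bob Example',   N'bob@example.com',   '1991-07-30');
INSERT INTO analytics.Purchase (Pseudonym, PurchasedAt, Amount)
SELECT Pseudonym, SYSUTCDATETIME(), 49.90 FROM pii.Customer;
-- What an analyst works with: per-person totals keyed by pseudonym, no name or email.
SELECT Pseudonym, COUNT(*) AS Purchases, SUM(Amount) AS Spend
FROM analytics.Purchase
GROUP BY Pseudonym;
-- Re-identification needs the mapping held in pii.Customer (restricted access).
SELECT c.FullName, p.PurchasedAt, p.Amount
FROM analytics.Purchase AS p
JOIN pii.Customer AS c ON c.Pseudonym = p.Pseudonym;
```

When both schemas have the same owner, ownership chaining lets a member of `analyst` query the view without holding any permission on `pii.Customer`.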
