Considerations for GDPR readiness
For PID: 5737-E33
Notice
This document is intended to help you in your preparations for GDPR readiness. It provides information about features of Integrated Analytics System that you can configure, and aspects of its use that can help your organization with GDPR readiness. This information is not an exhaustive list due to the many ways that you can select and configure features, and the variety of ways it can be used in itself and with third-party applications and systems.
You are responsible for ensuring your own compliance with various laws and regulations, including the European Union General Data Protection Regulation. You are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect your business and any actions you may need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that you are in compliance with any law or regulation.
GDPR
General Data Protection Regulation (GDPR) has been adopted by the European Union (“EU”) and applies from May 25, 2018.
Why is GDPR important?
- New and enhanced rights for individuals
- A widened definition of personal data
- New obligations for processors
- Potential for significant financial penalties for non-compliance
- Compulsory data breach notification
Read more about GDPR
Product Configuration - considerations for GDPR Readiness
The following sections provide considerations for configuring Integrated Analytics System to help your organization with GDPR readiness.
Configuration to support data handling requirements
The GDPR legislation requires that personal data is strictly controlled and that the integrity of the data is maintained. This requires the data to be secured against loss through system failure and also through unauthorized access or via theft of computer equipment or storage media.
- Handle protection of data at rest
- Use a secure access method such as SSL (for database connections) or SSH (for shell access) to gain entry
- Control user access via Kerberos/LDAP
- Set appropriate access control methods for database/tables (especially where personal data is stored)
- Monitor data access
Configuration to support data privacy
IAS only provides ways to store and access data; you are responsible for the privacy of the data that you store in it. If personal data is collected and stored in IAS databases and tables, make sure it is collected and accessed in accordance with the GDPR. Also make sure that access to IAS is configured using the secure methods described in the next section.
Configuration to support data security
IAS provides various methods to protect the data stored in the system.
All database interactions over the network can be secured with SSL. Secure Sockets Layer (SSL), and in practice its successor TLS, is a security protocol that provides communication privacy. For information about configuring SSL for database access, see: Secure Sockets Layer (SSL) support.
All remote connections to IAS should be accomplished through the SSH protocol.
Ensure that appropriate access permissions have been configured on the database and on the database tables. This provides an additional layer of protection against unauthorized access to the data. Use the GRANT and REVOKE SQL statements, described in the following document, to configure authorization for databases and tables: SQL statements.
Ensure that all users who access IAS have been given appropriate roles, and that only the required users have been given administrator access. See the following topic on how to create different types of users and give them appropriate roles: User-defined user roles.
Ensure that only the required users in the organization have been given the default Administrator access for IAS. To view the default administrator users in IAS, see: Connecting.
You can also integrate IAS with an external LDAP directory such as OpenLDAP or Microsoft Active Directory for more secure user management in IAS.
See the following to configure external LDAP integration with IAS: External LDAP authentication.
IAS supports native encryption of data at rest for all data stored in the database tables. You can periodically rotate the master key that is used in this encryption. To learn how to rotate the master key, see: Db2® Warehouse native encryption.
IAS does not encrypt data that is kept outside the database, such as operating system logs, database logs, backups kept on operating system filesystems, and user data files kept in the filesystems that are used to load and unload the database. You should therefore restrict physical access to the IAS appliance in your data center, and make sure that any storage media removed from the appliance is properly handled.
IAS is shipped with the remote root user access disabled by default. Only IBM Customer Support should be allowed to log in to IAS remotely if needed for any support purposes.
Data lifecycle
GDPR requires that personal data is:
- processed lawfully, fairly and in a transparent manner in relation to individuals.
- collected for specified, explicit and legitimate purposes.
- adequate, relevant and limited to what is necessary.
- accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay.
- kept in a form which permits identification of the data subject for no longer than necessary.
Integrated Analytics System (IAS) is a high performance, integrated data warehouse appliance. As a general purpose data warehouse appliance, IAS can be used to store a variety of data in a structured manner that can be later used for analytics and reporting purposes. Depending on your business needs, various type of data can be stored in IAS in the form of databases and tables. Being a general purpose data warehouse system, IAS does not restrict end users in storing and managing personal data in the native database and tables.
Apart from the business related data stored in the database, IAS also captures and manages operational data like user account details (such as remote IP address, userID, and local user credentials such as role).
Business data can be loaded in the database and tables residing in IAS through various means and at various stages as dictated by your business needs. This data gets loaded into the database in the following ways:
- In bulk, using methods such as loading from a file or restoring from a backup.
- Explicitly, by user applications, for example with SQL INSERT statements.
Operational data in IAS gets captured in logs and diagnostic files at various stages as determined by the architecture of the appliance.
A typical data lifecycle in IAS involves the following:
- You collect the required data as defined by your business logic.
- You then load that data into IAS.
- You perform analytics on the stored data and view the analyzed data using various database applications including the ones that are supplied with IAS.
- The data stored in IAS can also be managed by various administration tools that are provided as part of IAS.
Determine the purpose for obtaining, processing and/or storing the data
You obtain the data for analytics from various methods and sources as defined by your business logic.
Business data stored in databases and tables is used mainly by you for business analytics and reporting purposes. The operational data captured in the appliance logs and diagnostic files is used mainly for troubleshooting the appliance.
IAS uses the Db2 Warehouse product as the core entity that manages business data stored in the database and tables. You can also look into the deployment guidelines document of Db2 and Db2 Warehouse offerings for more insights on how data is managed within the database and tables.
What are the lawful bases for processing?
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
- Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
IBM customers are responsible for establishing one of the above lawful bases for each category of data they collect and load into IAS for processing.
Explicit requirements
- Ensure the appropriate consent is in place - contract, service, explicit Data Subject consent.
- Understand where the data resides in the application/solution.
- Ensure the data is secured through:
  - encryption,
  - access control,
  - additional controls.
- Ensure the retention period of this data is clearly defined.
- Ensure the data is deleted at the end of the retention period.
- Ensure all the Data Subject rights can be fulfilled:
  - Higher standards for privacy policies and statements and for obtaining consent
  - Easier access to personal data by a data subject
  - Enhanced right to request the erasure of their personal data
  - Right to transfer personal data to another organization (portability)
  - Right to object to processing, which now explicitly includes profiling
Personal data used for online contact with IBM
Integrated Analytics System clients can submit online comments, feedback, and requests to contact IBM about Integrated Analytics System subjects in a variety of ways, primarily:
- Public comments area on pages in the Integrated Analytics System community on IBM developerWorks
- Public comments area on pages of Integrated Analytics System documentation in IBM Knowledge Center
- Public comments in the Integrated Analytics System space of dWAnswers
- Feedback forms in the Integrated Analytics System community
Typically, only the client name and email address are used to enable personal replies for the subject of the contact, and the use of personal data conforms to the IBM Online Privacy Statement.
Data collection
The type of data, and the methods used to collect the data that will be stored in IAS, are fully determined by IBM customers. IAS does not provide any explicit methods to aid in collecting data in a GDPR-compliant manner.
Data storage
Storage of account data
Storage of client data
If you load and store personal data in IAS databases and tables for your business needs, make sure that you follow best practices to protect those tables. See SQL statements for details on how to GRANT and REVOKE access and authorities to data stored in IAS database tables. Currently, IAS encrypts client data ONLY when it is stored in database tables, so any client data uploaded to IAS as files should be removed after it has been loaded into the database.
Some parts of client data stored in the database tables can get captured in the logs and diagnostic files of IAS to aid in troubleshooting. You should carefully manage these files outside of IAS.
Storage in backup
Backup of client data is achieved by backup of the database tables. By default, the database table data kept in the backup is encrypted. But it is still recommended that you carefully manage the storage and distribution of these backup images outside the IAS appliance.
Data access
Who can access data in your offering?
IAS users can be granted different types of roles as required by business needs. These roles range from appliance administrator to a simple database user. Users can be given either database or platform access, or both. In addition to giving users access to databases and tables, you can also GRANT/REVOKE different types of access at the table or other database object level in order to manage the data stored in IAS. See User-defined user roles for more details on how to give a user different types of roles for accessing IAS.
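The following is an added example, not part of the IAS documentation, showing the GRANT and REVOKE statements that the sections Configuration to support data security, Storage of client data, and Who can access data in your offering? refer to, applied to one table holding personal data. It assumes a Db2 Warehouse database on IAS, a hypothetical table HR.CUSTOMERS, and hypothetical users ANALYST1 and LOADER1 that exist in the OS or LDAP directory; replace these with your own names.

```sql
-- Added example (not IAS product documentation or code). HR.CUSTOMERS,
-- ANALYST1, LOADER1 and the role names are hypothetical.

-- 1. Remove any implicit access: PUBLIC should hold nothing on a table that
--    contains personal data, and should not be able to connect at all.
REVOKE ALL PRIVILEGES ON TABLE HR.CUSTOMERS FROM PUBLIC;
REVOKE CONNECT ON DATABASE FROM PUBLIC;

-- 2. Grant through roles rather than to individual users, so that every
--    privilege on personal data has one place to be reviewed and revoked.
CREATE ROLE PII_READER;
CREATE ROLE PII_LOADER;

-- Analysts read a view that omits direct identifiers (data minimisation);
-- they never get SELECT on the base table.
CREATE VIEW HR.CUSTOMERS_MASKED AS
  SELECT CUSTOMER_ID, COUNTRY, SIGNUP_DATE, PLAN_CODE
    FROM HR.CUSTOMERS;
GRANT SELECT ON HR.CUSTOMERS_MASKED TO ROLE PII_READER;

-- The load process may write rows but cannot read them back or delete them.
GRANT INSERT, UPDATE ON HR.CUSTOMERS TO ROLE PII_LOADER;

-- 3. Attach roles to users. CONNECT must now be granted explicitly because
--    it was revoked from PUBLIC above.
GRANT CONNECT ON DATABASE TO USER ANALYST1, USER LOADER1;
GRANT ROLE PII_READER TO USER ANALYST1;
GRANT ROLE PII_LOADER TO USER LOADER1;

-- 4. Check the result: who holds which table privilege on the personal-data
--    objects. Anything unexpected here is a finding.
SELECT GRANTEE, GRANTEETYPE, TABNAME,
       SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH, CONTROLAUTH
  FROM SYSCAT.TABAUTH
 WHERE TABSCHEMA = 'HR'
   AND TABNAME IN ('CUSTOMERS', 'CUSTOMERS_MASKED');

-- 5. Off-boarding: one REVOKE removes every privilege the role carried.
REVOKE ROLE PII_READER FROM USER ANALYST1;
```

Run these as a user holding SECADM (or the object owner for the table-level statements). Reviewing SYSCAT.TABAUTH, together with SYSCAT.ROLEAUTH for role membership, is a quick way to answer "who can read this personal data" for an audit.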
Data processing
Encryption in motion
IAS supports SSL-based database connections so that database client applications interact with database tables over an encrypted channel. If you store or access personal data in IAS database tables, use SSL connections. See Secure Sockets Layer (SSL) support for more details.
For non-database interactions with IAS, always use SSH for logins and SCP for file uploads and downloads. Many administrator-related operations can also be performed through the IAS web console.
Encryption at rest
Only data kept in IAS database tables is encrypted in storage. The IAS database technology fully manages this encryption. For more information on how IAS manages database encryption, see Security. It is recommended that you rotate the master key periodically for better protection.
Non-database data such as data load files, database logs, system logs, and system diagnostic dumps is kept in the local filesystem and is not encrypted at rest. It is therefore recommended that the IAS appliance be kept in a secure location in your data center, preferably with multiple layers of security around physical access. Before any storage component on IAS is replaced, ensure that the data on that component is securely erased; physical destruction of the old storage component is preferable.
Encryption key ownership
Because encryption of data in IAS database tables is managed by the database, clients need to manage only the key rotation.
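The following is an added example, not part of the IAS documentation, of the key rotation that the sections Configuration to support data security, Encryption at rest, and Encryption key ownership describe. It uses the Db2 native encryption routines SYSPROC.ADMIN_GET_ENCRYPTION_INFO and SYSPROC.ADMIN_ROTATE_MASTER_KEY; whether and how these are exposed on your IAS release is an assumption to verify against the Db2 Warehouse native encryption topic before relying on them.

```sql
-- Added example (not IAS product documentation or code). Assumes the Db2
-- native encryption routines are available on the IAS database.

-- 1. Confirm the database is actually encrypted, which master key label
--    currently wraps the data encryption key, and when it was last rotated.
SELECT OBJECT_NAME, OBJECT_TYPE, ALGORITHM, KEY_LENGTH,
       MASTER_KEY_LABEL, PREVIOUS_MASTER_KEY_LABEL, ROTATION_TIME
  FROM TABLE(SYSPROC.ADMIN_GET_ENCRYPTION_INFO()) AS T;

-- 2. Rotate. The data encryption key is re-wrapped with a new master key;
--    the table data itself is not rewritten, so this is cheap to schedule.
--    The single INOUT parameter is the label of the new master key: pass a
--    label you created in the keystore, or a parameter marker (as here, from
--    the command line processor) to have Db2 generate one and return it.
CALL SYSPROC.ADMIN_ROTATE_MASTER_KEY(?);

-- 3. Verify: MASTER_KEY_LABEL must differ from PREVIOUS_MASTER_KEY_LABEL and
--    ROTATION_TIME must be current. Record both in your change log.
SELECT MASTER_KEY_LABEL, PREVIOUS_MASTER_KEY_LABEL, ROTATION_TIME
  FROM TABLE(SYSPROC.ADMIN_GET_ENCRYPTION_INFO()) AS T;
```

Rotation requires SECADM authority. Note that rotation protects the key that wraps the data, not copies of the data already outside the database: load files, logs, and backup images taken on the filesystem are unaffected, as the Encryption at rest section states.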
Data deletion
Right to erasure
Data deletion characteristics
Data stored in IAS can be deleted by using one of the following methods:
- Data stored in database tables can be deleted either by dropping the tables when they are no longer needed or by SQL statements such as DELETE and TRUNCATE.
- Data stored outside the database, such as data load files and query outputs, can be deleted by the administrator using filesystem utilities.
- Data stored in database and system logs or diagnostic dumps should be managed manually. Many of these logs are automatically deleted by IAS itself, but it is recommended that the system administrator periodically clean up old logs and dumps on the system.
Data monitoring
Customers should regularly test, assess, and evaluate the effectiveness of their technical and organizational measures to comply with GDPR. These measures should include ongoing privacy assessments, threat modeling, centralized security logging and monitoring among others.
Log monitoring
Database diagnostic logs show information about operations performed on database tables by users. Other system logs give details on logged-in users, such as userid and group, as well as location data such as the IP address from which the user logged in.
Data monitoring
IAS also provides a number of monitoring interfaces in the form of table functions and event monitors. These features can be used for ad hoc monitoring of database activity. For more information, see Database monitoring.
You can also use external products to audit database activity, such as IBM Guardium Data Protection for Databases.
Activity monitoring
System audit and database audit logs can provide information on various activities in the IAS appliance.
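The following is an added example, not part of the IAS documentation, illustrating the Data monitoring and Activity monitoring sections with the underlying Db2 facilities: the MON_GET_CONNECTION table function for ad hoc monitoring, and Db2 audit policies for a durable record of activity on personal data. HR.CUSTOMERS and the policy names are hypothetical; availability of the Db2 audit facility on your IAS release is an assumption to confirm.

```sql
-- Added example (not IAS product documentation or code). HR.CUSTOMERS and
-- the policy names are hypothetical.

-- 1. Ad hoc: who is connected right now, from which IP address, and under
--    which authorization IDs (-2 = all database members).
SELECT APPLICATION_HANDLE, SYSTEM_AUTH_ID, SESSION_AUTH_ID,
       CLIENT_IPADDR, CLIENT_HOSTNAME, CLIENT_APPLNAME, CONNECTION_START_TIME
  FROM TABLE(MON_GET_CONNECTION(NULL, -2)) AS T
 ORDER BY CONNECTION_START_TIME;

-- 2. Durable: audit every statement run against the personal-data table,
--    whether it succeeded or failed (STATUS BOTH). ERROR TYPE AUDIT makes a
--    statement fail if it cannot be audited, instead of running unrecorded.
CREATE AUDIT POLICY PII_TABLE_POLICY
  CATEGORIES EXECUTE WITHOUT DATA STATUS BOTH
  ERROR TYPE AUDIT;
AUDIT TABLE HR.CUSTOMERS USING POLICY PII_TABLE_POLICY;

-- 3. Database-wide: record privilege and role changes (SECMAINT), so a GRANT
--    that widens access to personal data is itself in the audit trail.
CREATE AUDIT POLICY SEC_POLICY
  CATEGORIES SECMAINT STATUS BOTH
  ERROR TYPE NORMAL;
AUDIT DATABASE USING POLICY SEC_POLICY;

-- 4. Check which policies are attached to which objects.
SELECT OBJECTTYPE, OBJECTSCHEMA, OBJECTNAME, AUDITPOLICYNAME
  FROM SYSCAT.AUDITUSE;
```

Creating and attaching audit policies requires SECADM. The audit records are written to the instance audit log and are archived and extracted with the db2audit tool; feed the extracted records into your central security logging so that access to personal data is monitored outside the appliance as well.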
Responding to data subject rights
Will your customers be able to address Data Subject requests from their customers?
Personal data stored in IAS as database and table objects can be accessed, modified, and deleted on request by using SQL statements through the database APIs. See the IAS product documentation for the various methods that can be used to access data stored in IAS. Your business logic is responsible for keeping track of where this data resides in IAS so that it can be located on request.
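The following is an added example, not part of the IAS documentation, of how the business logic described above might keep track of where personal data resides and then service access, rectification, erasure, and retention requests; it also shows the DELETE statements referred to in the Data deletion section. The register table PRIV.PII_LOCATIONS, the application tables HR.CUSTOMERS and HR.CUSTOMER_EVENTS, and subject identifier 4711 are hypothetical.

```sql
-- Added example (not IAS product documentation or code). All table names
-- and the subject id 4711 are hypothetical.

-- A register, maintained by your business logic, of every table that holds
-- personal data, the column identifying the data subject, and the retention
-- period agreed for that table.
CREATE TABLE PRIV.PII_LOCATIONS (
  TABSCHEMA      VARCHAR(128) NOT NULL,
  TABNAME        VARCHAR(128) NOT NULL,
  SUBJECT_COL    VARCHAR(128) NOT NULL,
  RETENTION_DAYS INTEGER      NOT NULL,
  PRIMARY KEY (TABSCHEMA, TABNAME)
);
INSERT INTO PRIV.PII_LOCATIONS VALUES
  ('HR', 'CUSTOMERS',       'CUSTOMER_ID', 2555),
  ('HR', 'CUSTOMER_EVENTS', 'CUSTOMER_ID',  365);

-- Right of access: the register says where to look. This produces one SELECT
-- per registered table; run each with the subject's identifier bound to '?'.
SELECT 'SELECT * FROM ' || TABSCHEMA || '.' || TABNAME
       || ' WHERE ' || SUBJECT_COL || ' = ?' AS ACCESS_STMT
  FROM PRIV.PII_LOCATIONS;

-- Right to rectification.
UPDATE HR.CUSTOMERS
   SET EMAIL = 'corrected.address@example.com'
 WHERE CUSTOMER_ID = 4711;

-- Right to erasure: delete the subject's rows from every registered table in
-- one unit of work, dependents first, so a failure cannot leave the subject
-- half-erased. COMMIT only once all deletes have succeeded.
DELETE FROM HR.CUSTOMER_EVENTS WHERE CUSTOMER_ID = 4711;
DELETE FROM HR.CUSTOMERS       WHERE CUSTOMER_ID = 4711;
COMMIT;

-- Retention: purge rows older than the period recorded in the register,
-- so the limit is applied from one place rather than hard-coded per job.
DELETE FROM HR.CUSTOMER_EVENTS E
 WHERE EXISTS (SELECT 1
                 FROM PRIV.PII_LOCATIONS L
                WHERE L.TABSCHEMA = 'HR' AND L.TABNAME = 'CUSTOMER_EVENTS'
                  AND E.EVENT_TS < CURRENT TIMESTAMP - L.RETENTION_DAYS DAYS);
COMMIT;

-- Confirm nothing remains for the subject before closing the request.
SELECT (SELECT COUNT(*) FROM HR.CUSTOMERS       WHERE CUSTOMER_ID = 4711)
     + (SELECT COUNT(*) FROM HR.CUSTOMER_EVENTS WHERE CUSTOMER_ID = 4711)
       AS REMAINING_ROWS
  FROM SYSIBM.SYSDUMMY1;
```

DELETE and TRUNCATE act only on the live table data. As the Storage of client data and Storage in backup sections note, copies of the same records in load files on the filesystem and in backup images are not touched by these statements and must be handled under their own retention process.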