Security

Privacy by design in the era of GDPR

Share this post:

Privacy by design GDPR“Privacy by design” is a way to make complying with GDPR regulations simpler.

Instead of having to try to protect multiple aspects of security in every system, you can ensure security is applied much more widely, so that individual areas of security and multiple connected systems are protected without additional effort or overview.

Keeping customer trust and data secure

In the age of high-profile data breaches and multi-million-dollar lawsuits, customers must be able to trust organizations with their sensitive personal information, whether that’s something as simple as their addresses or as complex as their credit card information and social security numbers.

Customers trust businesses with their information. Businesses, therefore, have a responsibility to keep customer information safe. Lost trust is lost business.

And it is not just a question of customer trust. There is more and more legislation around the world designed to ensure that businesses are taking the protection and security of third-party data seriously. The headlines recently around this have been driven by the deadline date for the European Union’s General Data Protection Regulation (GDPR). Protecting your own data, as well as customer information, should be an essential practice anyway, even if you are certain that all your customers are from the US.

Understanding and incorporating privacy by design

Meeting the requirements of legislation and customer trust isn’t just about ticking a box. It can’t be addressed through a single change or product. There needs to be a comprehensive approach to ensure there aren’t gaps in the security. One of the best ways to ensure that is through the concept of “privacy by design” as defined in GDPR.

This concept relieves businesses of some of the most thorny aspects of ensuring infrastructure is GDPR-ready. While organizations still must follow all aspects of the regulations, from informing customers what data they’re holding to giving customers explicit opt-out options and more, you can breathe a little easier knowing that your enterprise architecture incorporates privacy by design. One place to start is your enterprise messaging.

Consider a typical connected environment with messages flowing across many different connected systems. Maybe data originating from a customer will bounce across different business systems as a message: ordering, invoicing, manufacturing, shipping and loyalty programs, for example. Some of these might be with the enterprise, and others might be third-party businesses that provide a service. As messages flow, they will get saved to disk as a backup in case of a system failure. How can one ensure that every system and every disk is adequately protecting these messages without being in control of all these systems and disks, which might be owned by other organizations?

Securing data with message encryption

The end-to-end messaging encryption in IBM MQ Advanced is policy based and doesn’t require application updates. The applications themselves will be unaware that the messages will be encrypted between the sending and receiving applications. The messages being sent over MQ will have the MQ message contents encrypted, but the messaging header (properties) will remain in the clear. As each message is saved to disk in a queue, the contents remain encrypted. The messages will only be decrypted at the destination application as set in the policy.

With this in place, it becomes irrelevant how many systems the message will travel through between source and destination, or even the security or ownership of each system. You can demonstrate that the message will not be accessible except to the receiving application, therefore ensuring that there is a complete record of who has had access to every message. Therefore, it is under complete control.

This is the power of privacy by design. With businesses under pressure from GDPR and other legislation to ensure customers can trust them to look after their data and personal information, it has become essential to consider the move to tools like MQ Advanced to take advantage of cutting-edge data protection capabilities.

Download the MQ Advanced trial, or MQ Advanced for developers. For even greater simplicity, try the new hosted IBM MQ on IBM Cloud.

More Security stories

IBM and CDC blockchain project uses records stored on cloud

IBM and the US Centers for Disease Control are teaming up to build a blockchain and cloud-based data system that could track public health issues including opioid addiction. The CDC’s National Center for Health Statistics already collects copious amounts of health data from surveys, and the new system would include medical records obtained through hospital […]

Continue reading

IBM X-Force Red Security Team takes on security challenges with the help of IBM Cloud

Unless you live under a rock, you’ve likely seen a recent top news headline with the words “security breach” somewhere in there. This is not the type of press companies want to be recognized for, and it is even worse for the millions of customers who are left out in the cold when their unauthorized […]

Continue reading

CenturyLink and Digital Realty tap IBM Cloud Direct Link to expand access

Over the past two weeks, two companies, CenturyLink and Digital Realty, have announced plans to expand direct, private access to the IBM Cloud in North America, South America, Europe, Australia and New Zealand. Both companies will use IBM Cloud Direct Link Dedicated Hosting deployments to help enterprise customers establish low-latency, global connections across a security-rich […]

Continue reading