
Privacy by design in the era of GDPR


“Privacy by design” is a way to make complying with GDPR regulations simpler.

Instead of having to try to protect multiple aspects of security in every system, you can ensure security is applied much more widely, so that individual areas of security and multiple connected systems are protected without additional effort or overview.

Keeping customer trust and data secure

In the age of high-profile data breaches and multi-million-dollar lawsuits, customers must be able to trust organizations with their sensitive personal information, whether that’s something as simple as their addresses or as complex as their credit card information and social security numbers.

Customers trust businesses with their information. Businesses, therefore, have a responsibility to keep customer information safe. Lost trust is lost business.

And it is not just a question of customer trust. There is more and more legislation around the world designed to ensure that businesses are taking the protection and security of third-party data seriously. Recent headlines on this have been driven by the deadline date for the European Union’s General Data Protection Regulation (GDPR). Protecting your own data, as well as customer information, should be an essential practice anyway, even if you are certain that all your customers are from the US.

Understanding and incorporating privacy by design

Meeting the requirements of legislation and customer trust isn’t just about ticking a box. It can’t be addressed through a single change or product. There needs to be a comprehensive approach to ensure there aren’t gaps in the security. One of the best ways to ensure that is through the concept of “privacy by design” as defined in GDPR.

This concept relieves businesses of some of the thorniest aspects of ensuring infrastructure is GDPR-ready. While organizations still must follow all aspects of the regulations, from informing customers what data they’re holding to giving customers explicit opt-out options and more, you can breathe a little easier knowing that your enterprise architecture incorporates privacy by design. One place to start is your enterprise messaging.

Consider a typical connected environment with messages flowing across many different connected systems. Data originating from a customer might bounce across different business systems as a message: ordering, invoicing, manufacturing, shipping and loyalty programs, for example. Some of these might be within the enterprise, and others might be third-party businesses that provide a service. As messages flow, they will get saved to disk as a backup in case of a system failure. How can one ensure that every system and every disk is adequately protecting these messages without being in control of all these systems and disks, which might be owned by other organizations?

Securing data with message encryption

The end-to-end messaging encryption in IBM MQ Advanced is policy based and doesn’t require application updates. The applications themselves will be unaware that the messages will be encrypted between the sending and receiving applications. The messages being sent over MQ will have the MQ message contents encrypted, but the messaging header (properties) will remain in the clear. As each message is saved to disk in a queue, the contents remain encrypted. The messages will only be decrypted at the destination application as set in the policy.
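Because the message properties stay in the clear on every hop and on every disk, personal data must be kept out of them. The following check is an added example, not IBM's code and not part of MQ: it models a message's properties as a plain dictionary (the property names and sample values are constructed) and flags values that look like the data types named earlier in this article.

```python
import re

# Constructed, US-centric patterns for the data types the article names.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cleartext_pii(properties: dict) -> list:
    """Return sorted (property_name, kind) pairs for values that look like personal data."""
    findings = set()
    for name, value in properties.items():
        text = str(value)
        if EMAIL_RE.search(text):
            findings.add((name, "email"))
        if SSN_RE.search(text):
            findings.add((name, "ssn"))
        for match in CARD_RE.finditer(text):
            # Only report digit runs that are plausible card numbers.
            if luhn_ok(re.sub(r"\D", "", match.group())):
                findings.add((name, "card"))
    return sorted(findings)


# Constructed sample: the body would be encrypted by policy, these properties would not.
SAMPLE_PROPERTIES = {
    "orderId": "A-10443",
    "replyTo": "jane.doe@example.com",
    "paymentRef": "4111 1111 1111 1111",   # well-known test card number
    "region": "EU",
}

if __name__ == "__main__":
    for prop, kind in find_cleartext_pii(SAMPLE_PROPERTIES):
        print(f"property {prop!r} carries {kind} data in the clear")
```

Running such a check in the sending application's test suite keeps identifiers like order numbers in the properties and moves anything personal into the encrypted body.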

With this in place, it becomes irrelevant how many systems the message will travel through between source and destination, or even the security or ownership of each system. You can demonstrate that the message will not be accessible except to the receiving application, which ensures that there is a complete record of who has had access to every message. The message is therefore under complete control.

This is the power of privacy by design. With businesses under pressure from GDPR and other legislation to ensure customers can trust them to look after their data and personal information, it has become essential to consider the move to tools like MQ Advanced to take advantage of cutting-edge data protection capabilities.

Download the MQ Advanced trial, or MQ Advanced for developers. For even greater simplicity, try the new hosted IBM MQ on IBM Cloud.
