About regulations
Personal data privacy regulations have become an indispensable requirement for projects that deal with personal data. Compliance with these laws rests on four principles:
In case of violations in the processing of personal data, the controllers and operators (processors) of that data may suffer:
Take Action
Administrators, developers and managers of data platforms built on InterSystems technology can take the following measures to help comply with personal data protection laws.
Compliance with the rights of the holder (data subject)
- Let the holder consult the personal data that the controller keeps about them, and allow the result of that query to be downloaded in an open format (JSON).
- Allow the holder to correct their personal data. Use the InterSystems IRIS ESB to apply the correction on every system where that personal data exists, so no copy is left stale.
- Implement a consent management service for the sharing and processing of personal data, especially sensitive data, and check it before every share. For the InterSystems health services, the HIPAA consent support is sufficient.
- Allow the holder to consult with whom their data has been shared, which requires logging every share (recipient, purpose, fields, date).
- Build an interoperability service (ESB) connected to the internal service system to receive requests from the holder.
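The five measures above are one procedure seen from the holder's side: access and export, rectification propagated everywhere, consent, a sharing log, and an intake point for requests. The following is an added example written for this page, not InterSystems code: plain Python (the same logic would run as Embedded Python inside IRIS) in which the downstream systems and the ESB are in-memory stand-ins (assumed names `CRM`, `Billing`, `HR`; constructed sample data for holder `h-1`). It shows the parts a checklist cannot: default-deny consent where the latest decision wins, a share that is refused without consent, and an export that carries the data, the consent history and the sharing log together.

```python
"""Data-subject (holder) rights service: export as JSON, rectification
propagated to every system holding the data, purpose-based consent, and a
sharing log.  Added illustration, not InterSystems code.  The systems below are
stand-ins for the endpoints an IRIS ESB production would route to."""
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone


class DownstreamSystem:
    """Stand-in for one system reached through the ESB (assumed names)."""
    def __init__(self, name, records=None):
        self.name = name
        self.records = records or {}        # holder_id -> dict of fields

    def update(self, holder_id, field, value):
        """Apply a correction; False means this system holds no such record."""
        if holder_id not in self.records:
            return False
        self.records[holder_id][field] = value
        return True


@dataclass
class Consent:
    purpose: str
    recipient: str
    granted: bool
    when: str


class ConsentDeniedError(Exception):
    """Raised when a share is attempted without a current, granted consent."""


class HolderRightsService:
    def __init__(self, systems):
        self.systems = systems
        self.consents = {}       # holder_id -> [Consent], append-only history
        self.sharing_log = {}    # holder_id -> [share events]

    @staticmethod
    def _now():
        return datetime.now(timezone.utc).isoformat()

    # Right of access: gather what every system holds, plus consents and shares.
    def export_dict(self, holder_id):
        return {
            "holder_id": holder_id,
            "generated_at": self._now(),
            "data": {s.name: dict(s.records.get(holder_id, {})) for s in self.systems},
            "consents": [asdict(c) for c in self.consents.get(holder_id, [])],
            "shared_with": list(self.sharing_log.get(holder_id, [])),
        }

    def export_json(self, holder_id):
        """Open-format download of the access report."""
        return json.dumps(self.export_dict(holder_id), indent=2, sort_keys=True)

    # Right of rectification: one request, applied on every system (the ESB's job).
    def rectify(self, holder_id, field, value):
        return {s.name: s.update(holder_id, field, value) for s in self.systems}

    # Consent management: decisions are never overwritten, only appended.
    def set_consent(self, holder_id, purpose, recipient, granted):
        self.consents.setdefault(holder_id, []).append(
            Consent(purpose, recipient, granted, self._now()))

    def has_consent(self, holder_id, purpose, recipient):
        """Latest decision for this purpose/recipient wins; no decision = deny."""
        for c in reversed(self.consents.get(holder_id, [])):
            if c.purpose == purpose and c.recipient == recipient:
                return c.granted
        return False

    # Sharing: refused without consent; every share is logged for the holder.
    def share(self, holder_id, purpose, recipient, fields):
        if not self.has_consent(holder_id, purpose, recipient):
            raise ConsentDeniedError(f"{holder_id}: no consent for {purpose} -> {recipient}")
        payload = {}
        for s in self.systems:
            rec = s.records.get(holder_id, {})
            payload.update({f: rec[f] for f in fields if f in rec})
        self.sharing_log.setdefault(holder_id, []).append({
            "recipient": recipient, "purpose": purpose,
            "fields": sorted(payload), "when": self._now()})
        return payload


def build_demo_service():
    """Constructed sample data for holder 'h-1' spread over three systems."""
    return HolderRightsService([
        DownstreamSystem("CRM", {"h-1": {"name": "Ana", "email": "ana@example.org"}}),
        DownstreamSystem("Billing", {"h-1": {"email": "ana@example.org", "card_last4": "1234"}}),
        DownstreamSystem("HR"),      # holds nothing about h-1
    ])


if __name__ == "__main__":
    svc = build_demo_service()
    print(svc.rectify("h-1", "email", "ana@new.example"))   # HR reports False
    svc.set_consent("h-1", "marketing", "partner-x", True)
    print(svc.share("h-1", "marketing", "partner-x", ["email", "card_last4"]))
    print(svc.export_json("h-1"))
```

The append-only consent history is deliberate: when the holder withdraws consent, the earlier grant stays in the record as evidence of what was lawful at the time of each logged share, and `has_consent` simply reads the most recent decision.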
In personal data governance
In privacy by design and by default
- Create a DPIA (Data Protection Impact Assessment) when the project deals with sensitive data, high-volume data, the production of personal profiles, or the use of new technologies (for example Machine Learning);
- Use encryption with managed keys for sensitive data;
- Use TLS (HTTPS) on all message channels;
- Add DevSecOps practices to your DevOps initiative;
- Create Docker images with security settings and best practices applied by default;
- Include automated security checks in your test suite.