3 - 4 OCTOBER 2018 / EXCEL LONDON

GDPR Meets DevOps – Approaching Compliance as Code

Wednesday 16 August 2017

With the changes in EU regulation that GDPR introduces, specifically relating to how the personal data of EU citizens must be handled, organisations are facing fresh challenges in how they prove compliance. GDPR brings particular burdens with the ‘Privacy by Design’ mandate, which requires that data privacy be part of the system design process from day one.

Failing to comply with GDPR could result in fines equal to 4% of global revenue or €20m, whichever is greater.

The foundation for successful IT teams is DevOps automation. Many organisations are already redefining their infrastructure and systems configuration in code, which makes software deployment faster. The common problem is the compromise between a rapidly moving IT team and a risk-averse InfoSec function.

A recent survey of IT practitioners and decision-makers revealed 22% of respondents test compliance inconsistently and 23% don’t test at all. When GDPR becomes enforceable in May of 2018, this lack of visibility may become very costly. Many organisations are faced with an unpleasant choice: slow down and become less responsive to customers, or risk steep GDPR penalties.

By applying the DevOps principle of everything as code to the GDPR controls, we support the Privacy by Design mandate and are able to be proactive, continuously checking our compliance stance.

We can put our code-based compliance controls through the existing development workflow: we can test them, version them, apply them at scale and easily modify them. Most importantly, treating the controls as any other code asset in the software development process makes them incredibly easy to collaborate on.

We can execute scans every time we make a change, on a regular schedule or as a triggered event. Anyone in our IT org, or the business as a whole, can access real-time compliance data on demand and use this information to remediate any issues.

Joe Gardiner, Compliance Architect at Chef Software, will dig deeper into the concept of Compliance as Code and explain how compliance can be a natural part of your organisation’s digital transformation, relieving the burden of the GDPR Privacy by Design mandate. Come and hear his presentation at IP EXPO Europe on 5th October at 12.20pm.