May 25, 2022
The European Union (EU) introduced its previous data protection standard 20 years ago through the Data Protection Directive 95/46/EC. Since the EU requires each member state to implement a directive into national law, Europe ended up with a patchwork of different privacy laws across different countries. In addition, increasing security breaches, rapid technological developments, and globalization over the last 20 years saw new challenges for the protection of personal data come to the forefront. In an effort to address this situation, the EU developed the GDPR, which is directly applicable as law across all member states.
Security and protection of the customer data are shared responsibilities between the customer and Oracle. Likewise, privacy compliance is also a shared responsibility between Oracle and the customer.
This shared responsibility in the context of the GDPR is defined by three key actors:
Once it goes into effect, the GDPR will apply broadly to companies that:
Personal data, also known as personal information or personally identifiable information in other parts of the world, is defined as any information relating to an individual that can be directly or indirectly identified, for example, by reference to identifiers such as:
The world has changed for companies collecting and handling personal data in the EU, both offline and online (that is, involving ecommerce or online advertising activities), due to:
Therefore, companies collecting and handling personal data in the EU will need to consider and manage their data handling practices and use cases more carefully than ever before.
The GDPR was built on established and widely accepted privacy principles, such as purpose limitation, lawfulness, transparency, integrity, and confidentiality. It strengthens existing privacy and security requirements, including requirements for notice and consent, technical and operational security measures, and cross-border data flow mechanisms.
To adapt to the new reality of a digital, global, and data-driven economy, the GDPR also formalizes new privacy principles, such as accountability and data minimization, which are reflected throughout the text, including in the following requirements:
Oracle is committed to helping you develop a strategy to achieve GDPR security compliance. Oracle has more than 40 years of experience in the design and development of secure database management, data protection, and security solutions. Trusted globally, Oracle Cloud solutions have a proven track record, serving leading businesses in 175 countries. Oracle successfully manages critical business data for more than 25,000 SaaS customers throughout the world—across finance, HR, supply chain, and customer experience (CX)—on a daily basis.
Oracle Cloud Applications customers can take advantage of Oracle’s vast experience in the cloud. Over the years, Oracle has invested the resources and designed controls and processes to expertly develop and manage its applications, databases, servers, and infrastructure across the entire cloud technology stack. Oracle gives its customers a SaaS advantage by offering the most complete suite of cloud applications—designed to be secure at every layer—for their entire business. Oracle Cloud applications can reduce risk and offer simplicity, with a single set of policies and standards for your business processes. In a constantly changing regulatory landscape, Oracle Cloud applications can help your organization address regulatory compliance more efficiently and easily.
Find out more about how Oracle Cloud applications can help accelerate your GDPR readiness.
Organizations around the world are continuing to focus on ensuring their systems, processes, and policies support GDPR guidelines. Marketing teams continue to be tasked with implementing changes in the way they manage processes, people, and technical controls in order to comply with the legislation. Oracle Marketing Cloud welcomes the positive changes the GDPR has brought to our services and we remain committed to helping our customers address GDPR requirements that are relevant to our products and services, including any applicable processor accountability requirements. Many of our services already have built-in privacy and security features to put our customers in control and to help build consumer trust.
If you have additional data privacy and security needs beyond the standards and options built into software-as-a-service (SaaS) applications, or you use platform as a service (PaaS) or infrastructure as a service (IaaS), Oracle offers additional cloud security solutions and options. These solutions are designed to protect data, manage user identities, and monitor and audit IT environments. Oracle Cloud customers can also select additional Managed Security Services to leverage Oracle expertise in deployment and security technology management to further accelerate or enhance GDPR compliance.
As part of our commitment to help customers address GDPR requirements, Oracle Marketing Cloud comes packaged with a robust set of built-in privacy and security features that put marketers in control of the personal data they handle and helps them build consumer trust. These native capabilities span the broader Oracle Marketing Cloud portfolio and can be grouped into these categories:
Collecting Personal Data | Oracle Marketing Cloud enables marketers to capture personal data across many different channels. As part of these data capture processes, marketers have the ability to incorporate mechanisms that enable their customers to make informed decisions about the use of their personal data. Whether someone is visiting your website, submitting a web form, or even sharing personal data across social media channels, Oracle Marketing Cloud provides controls that can be configured to meet specific business requirements. |
Managing Personal Data | As today’s businesses capture vast amounts of personal data, marketing teams require powerful tools that enable them to manage data at scale. Oracle Marketing Cloud provides a comprehensive portfolio of features that makes it easy for marketers and customers to manage personal data. This includes the ability for marketers and customers to update personal data on request, as well as to securely transfer personal data at scale, leveraging modern APIs and SFTP mechanisms. |
Protecting Personal Data | Businesses hold a responsibility to secure personal data to protect the integrity of their customers. Native to Oracle’s core business, Oracle Marketing Cloud provides state-of-the-art data security mechanisms and controls derived from privacy by design and privacy by default principles. These include capabilities like encryption, anonymization, and more to protect personal data at the highest possible standard as well granular access controls that enable organizations to distinguish which individuals or groups should have access to personal data. |