New User from FI
joined:Feb 15, 2018
Given the looming General Data Protection Regulation (GDPR) as well as reviewing all our processing and such, I wonder about the data that we store that can't easily be deleted or pseudonymised. So assume I need to keep some databases which tables in that have email, first name, surname, to keep some old systems running and so the website doesn't break.
If I understand, as well as the other obligations under GDPR this data has to be stored securely. Does this mean I have to encrypt it? (not feasible!). We store this data in a SQL Database on an AWS EC2 Windows server instance and access to this is locked down fully.
So I suppose that's not considered secure enough - the fact that it's on an AWS instance? If that's the case then what would I need to do to be compliant in my db storage?