Preparing Container-Based Applications for GDPR: What You Need to Know

The General Data Protection Regulation (GDPR), set to replace the European Data Protection Directive 95/46/EC, comes into effect in May 2018. GDPR is intended to protect the privacy of EU citizens, and give regulatory bodies the power to act against non-compliant organizations. It affects member states in the EU, but also companies handling EU citizens’ data, so really, any organization with a global reach including many US companies.

A lot has already been said and written about GDPR but not nearly enough in the context of containers. As the usage of containerized applications increases in production environments, many organizations are looking to extend compliance best practices into container environments, whether deployed across cloud or on-premises environments.

How is the use of containers tied to GDPR compliance? Well, at the very basic level, containerized applications may handle data and processes that require protection under GDPR. For example, if a containerized application handling such data is breached, and data is exfiltrated, that could become a very tangible liability.

Here are some tips to accelerate your Container Environment GDPR readiness:

1. Data Protection Impact Assessment

Understand which vulnerabilities are embedded in images and run-time containers, prioritize and deploy effective remedies by applying policy-based security controls;

To read the full blog post, click here.