Compliance Challenges in DBMS

The document discusses the compliance challenges faced by Database Management Systems (DBMS) in handling sensitive data, emphasizing the importance of adhering to regulations like GDPR and HIPAA. It outlines common compliance issues such as data protection, access control, and audit trails, as well as the risks of non-compliance, including legal penalties and reputational damage. Mitigation strategies such as regular audits, role-based access control, and staff training are recommended to ensure compliance and safeguard sensitive information.

COMPLIANCE CHALLENGES IN DBMS
Presented by:
John Leo M. Diangson & Justine T. Egenias
TABLE OF CONTENTS

01 What is DBMS?
02 Why is Compliance Necessary?
03 Typical Industries Impacted
04 Key Compliance Standards
05 Common Compliance Challenges
06 Real-World Issues
07 Risk of Non-Compliance
08 Mitigation Strategies
INTRODUCTION
DBMS platforms store sensitive data, making regulatory compliance essential. Laws like GDPR and HIPAA require strict data control, but many systems face challenges like unauthorized access, weak security, and complex legal rules. This report outlines key compliance issues and how to address them.
What is DBMS?
A Database Management System (DBMS) is software that allows users to create, store, manage, and retrieve data efficiently. Examples include MySQL, Oracle, and Microsoft SQL Server.
WHY IS COMPLIANCE NECESSARY?
Compliance allows data to be processed based on legal, ethical, and regulatory guidelines. It safeguards sensitive data, promotes trust, and prevents legal ramifications.
TYPICAL INDUSTRIES IMPACTED

Healthcare – patient confidentiality (HIPAA)
Education – student information protection (FERPA)
Finance – transactional and identity protection (SOX, PCI DSS)
E-commerce – customer information and payment data
Government – public record and national security information
KEY COMPLIANCE STANDARDS
● GDPR (General Data Protection Regulation) – Enforces personal data protection of EU residents; imposes consent, rights to access data, and data breach notification.
● HIPAA (Health Insurance Portability and Accountability Act) – Mandates healthcare information protection within the U.S.; emphasizes privacy, security, and patient autonomy.
● SOX (Sarbanes-Oxley Act) – Enforces financial information accuracy and protection of public company information; mandates strict internal controls.
● PCI DSS (Payment Card Industry Data Security Standard) – Protects credit card transactions; imposes encryption, access restrictions, and routine monitoring.
COMMON COMPLIANCE CHALLENGES
Data Protection & Privacy – Securing personal and sensitive information against leaks or misuse.
Access Control – Restricting who may see or change data based on roles.
Audit Trails & Logging – Monitoring who saw or modified data and when.
Data Retention Policies – Retaining data no longer than legally necessary.
Encryption & Masking – Protecting data stored and transmitted.


REAL-WORLD ISSUES
Misconfigured Permissions – Users can see data they should not.
Lack of Regular Audits – Compromises monitoring and risk identification.
Unpatched Vulnerabilities – Exposes systems to intrusions.
Insider Threats – Staff can exploit or leak confidential information.
RISK OF NON-COMPLIANCE

Legal Penalties & Fines – Offenses cost organizations financially.
Loss of Reputation – Information breaches lose customer trust.
Operational Disruptions – Investigations and remedies stop business operations.
MITIGATION STRATEGIES
● Regular Compliance Audits – Guarantees continuous compliance with standards.
● Role-Based Access Control – Restricts data access depending on user roles.
● Data Encryption – Safeguards sensitive data against unauthorized usage.
● Automated Compliance Tools – Simplifies monitoring and reporting.
● Staff Training – Trains staff on compliance specifications and best practices.
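The controls named under Common Compliance Challenges, Real-World Issues (misconfigured permissions) and Mitigation Strategies, shown together as one added example in PostgreSQL SQL (PostgreSQL 11 or later). This is not code from the original slides; the table, column, role and user names and the seven-year retention window are constructed for illustration. It contrasts a blanket grant with least-privilege role grants, masks a sensitive column behind a view, keeps an audit trail of every change, and applies a retention purge that is itself audited.

```sql
-- Added example (PostgreSQL 11+); not part of the original presentation.
-- All object names below are constructed for illustration.

-- 1. A table holding sensitive records (constructed schema).
CREATE TABLE patient (
    patient_id  serial      PRIMARY KEY,
    full_name   text        NOT NULL,
    ssn         text        NOT NULL,   -- sensitive identifier
    diagnosis   text,
    created_at  timestamptz NOT NULL DEFAULT now()
);

-- 2. Misconfigured permission: every account could read and change
--    every column. Shown only as the weak setting to contrast.
-- GRANT ALL ON patient TO PUBLIC;

--    Corrected: remove blanket access, then grant per role (step 3).
REVOKE ALL ON patient FROM PUBLIC;

-- 3. Role-based access control: privileges attach to roles, not people.
CREATE ROLE clinician   NOLOGIN;
CREATE ROLE billing     NOLOGIN;
CREATE ROLE app_auditor NOLOGIN;

-- Clinicians may read and maintain full records, but never delete them.
GRANT SELECT, INSERT, UPDATE ON patient TO clinician;
GRANT USAGE, SELECT ON SEQUENCE patient_patient_id_seq TO clinician;

-- 4. Data masking: billing staff query a view that hides the diagnosis
--    and shows only the last four SSN digits. The view runs with its
--    owner's rights, so billing needs no privilege on the base table.
CREATE VIEW patient_billing AS
SELECT patient_id,
       full_name,
       'XXX-XX-' || right(ssn, 4) AS ssn_masked,
       created_at
FROM patient;
GRANT SELECT ON patient_billing TO billing;

-- 5. Audit trail: who changed which row, how, and when.
CREATE TABLE patient_audit (
    audit_id    bigserial   PRIMARY KEY,
    patient_id  integer     NOT NULL,
    operation   text        NOT NULL,             -- INSERT / UPDATE / DELETE
    changed_by  text        NOT NULL DEFAULT current_user,
    changed_at  timestamptz NOT NULL DEFAULT now(),
    old_row     jsonb,                            -- NULL on INSERT
    new_row     jsonb                             -- NULL on DELETE
);
REVOKE ALL ON patient_audit FROM PUBLIC;
GRANT SELECT ON patient_audit TO app_auditor;     -- read-only for auditors

-- SECURITY DEFINER lets the trigger write the audit row even though the
-- acting user has no privilege on patient_audit; the fixed search_path
-- stops the definer context from resolving names in a caller's schema.
CREATE OR REPLACE FUNCTION patient_audit_fn() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
BEGIN
    INSERT INTO patient_audit (patient_id, operation, old_row, new_row)
    VALUES (COALESCE(NEW.patient_id, OLD.patient_id), TG_OP,
            to_jsonb(OLD), to_jsonb(NEW));
    RETURN NULL;   -- return value is ignored for AFTER triggers
END;
$$;

CREATE TRIGGER patient_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON patient
FOR EACH ROW EXECUTE FUNCTION patient_audit_fn();

-- 6. Data retention: purge rows older than the policy window. Run by the
--    table owner (no role above holds DELETE); each purge is audited.
DELETE FROM patient WHERE created_at < now() - interval '7 years';

-- 7. Attach real login accounts to roles (credentials set out of band).
CREATE ROLE dr_smith LOGIN;
GRANT clinician TO dr_smith;

-- 8. Check: list who holds which privilege on the sensitive table.
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_name = 'patient';
```

The final query is the check a compliance audit would repeat: the only grantees on `patient` should be its owner and `clinician`, and `PUBLIC` should not appear. Because `clinician` lacks DELETE and `app_auditor` has only SELECT on `patient_audit`, neither day-to-day users nor reviewers can erase the trail; retention deletes land in the audit table under the owner's name.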
CONCLUSION
The major compliance challenges are protecting sensitive information, managing access control, keeping audit trails, and conforming to data retention policies. Proactive compliance is necessary in order to guard data, facilitate legal compliance, and prevent fines. For DBMS teams, routine audits, robust encryption mechanisms, role-based access, and employee training play a key role in ensuring compliance standards.
REFERENCES
General Data Protection Regulation (GDPR) – European Union Regulation.
Health Insurance Portability and Accountability Act (HIPAA) – U.S. Government Regulation.
Sarbanes-Oxley Act (SOX) – U.S. Government Law.
Payment Card Industry Data Security Standard (PCI DSS) – Payment Card Industry Security Standards Council.
Family Educational Rights and Privacy Act (FERPA) – U.S. Government Regulation.
ISO/IEC 27001:2013 – International Organization for Standardization (ISO).
National Institute of Standards and Technology (NIST) Cybersecurity Framework – U.S. Department of Commerce.
Cloud Security Alliance (CSA) – Cloud Security Best Practices.
The National Cyber Security Centre (NCSC) – UK Government Cybersecurity Guidelines.
Center for Internet Security (CIS) – Cybersecurity Best Practices and Standards.
