MyDiamo for Regulatory Compliance

Home / Resources / MyDiamo for Regulatory Compliance

GDPR

#fancy-title-673ee47796f0b a{ color: #274e75; }
EU’s General Data Protection Regulation or more commonly referred to as GDPR, is the most recent change in data privacy regulation in the last 20 years. Approved by the EU Parliament since April 14, 2016, GDPR will supersede the Data Protection Directive and bring together the numerous data privacy laws across Europe.
The key changes in GDPR fall mainly in several categories including increased in territorial scope, data subject rights as well as penalty. Territorial scope now extends to include Non-EU organizations that process data of EU citizens while data subject rights have made it mandatory for organizations to notify whenever a breach occurs. Moreover, by enforcing strict penalties such as 4% of organization’s annual global turnover or 20 million Euros (whichever is greater), organizations are steadily preparing to meet this new regulation.
In cases of users of open source databases like MySQL, MariaDB, and Percona, MyDiamo provides encryption, access control as well as auditing functionality that matches with the requirements of GDPR. Contact us for more information.

HIPAA/HITECH

#fancy-title-673ee477977d6 a{ color: #274e75; }
HIPAA, the Health Insurance Portability and Accountability Act of 1996 is a legislation that was enacted to provide data privacy and security of sensitive information in healthcare-related sectors for all medical patients. With health data breaches occurring more frequently in recent years, HIPAA has become one of the more apparent data privacy laws up to date. The HIPAA Security Rule mandates that all entities or businesses that administer treatment, payment, patient health records/information and more, to implement technical safeguards to protect patients’ data security.
According to the U.S. Department of Health and Human Services (HHS) standards, healthcare organizations are required to implement secure electronic access and technical safeguards like limit facility access control as well as secure data when transferring, removing, disposing, and re-using electronic media and electronic protected health information (ePHI).
In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed to further reinforce HIPAA requirements, imposing penalties on health organizations that infringe HIPAA Privacy and Security Rules.

PCI DSS

#fancy-title-673ee47797fec a{ color: #274e75; }
Payment Card Industry Data Security Standard or PCI DSS, in short, is a set of security standard that is established and administered by the Payment Card Industry Security Standards Council to regulate the handling of sensitive customer payment data.
MyDiamo solution applies strong cryptography (Requirement 4.1) which offers businesses or financial institutions a way to secure valuable cardholder data. With easy to set column-level encryption and access control privilege (Requirement 7.1), MyDiamo’s comprehensive solution will help businesses stay updated with PCI DSS regulatory compliance.

CCPA

#fancy-title-673ee47798629 a{ color: #274e75; }
The California Consumer Privacy Act or CCPA, belongs to a wave of new data privacy regulations inspired by GDPR. The regulation is similar to GDPR in a sense that is not limited to any specific industry and this means that regardless of the location of your business, it must comply with the new regulation. 
However, where GDPR requires all organizations to comply regardless of their size and activity, CCPA only applies to businesses that pass an annual revenue threshold, or those that process a certain amount of personal information. If you own an enterprise that does business in California that either
• have gross annual revenue of over USD 25 million; • buy, receive, or sell the personal data of 50,000 or more California residents, households, devices, or; • derive 50% or more of their annual revenue from selling the personal information of California residents
It is compulsory for you to follow the newest data protection regulation established by the California State Legislature and approved since January 1, 2020. 
.page-section-673ee477960aa { padding:10px 0; background-attachment:; background-attachment: scroll\9 !important; background-position:left top; background-repeat:repeat; } .page-section-673ee477960aa .alt-title span { } .page-section-673ee477960aa.section-expandable-true:not(.active-toggle):hover .mk-section-color-mask { opacity:0.2 !important; } .page-section-673ee477960aa .expandable-section-trigger i { opacity:1; top:0 !important; }

Compliance Requirements met with MyDiamo

#fancy-title-673ee4779994b a{ color: #274e75; }

Requirements Sections MyDiamo Capabilities
Risk Management 164.308(a)(1)(ii)(A)
164.308(a)(1)(ii)(B)
MyDiamo can reduce risks and vulnerabilities from unauthorized access and malicious insiders.
Access Management 164.308(a)(4)(ii)(B)
164.308(a)(4)(ii)(C)
164.312(a)(2)(A)
164.312(c)
Privileges should be granted so that only authorized users can access data. Users can selectively give rights to data based on the user account and IP.
Encryption & Decryption 164.312(a)(2)(iv)
164.312(e)(2)(ii)
MyDiamo provides column-level encryption, which allows higher performance by enabling users to encrypt only necessary parts. Operated parallel to the engine, it does not require any code modification. The process is also called transparent encryption.
Key Management 164.312(a)(2)(iv)
164.312(e)(ii)
D'Amo KMS provides the secure key management. It manages all MyDiamo keys with access control and auditing functions.
Audit Control & Monitoring 164.308(a)(1)(ii)(D)
164.308(a)(5)(ii)(C)
164.308(a)(6)
164.312(b)
MyDiamo provides auditing functions which consist of recording access, deny, and query logs to data. It helps users look into unauthorized attempts and abnormal activities by insiders so that they can prevent or analyze incidents.
.page-section-673ee477990d3 { padding:10px 0; background-attachment:; background-attachment: scroll\9 !important; background-position:left top; background-repeat:repeat; } .page-section-673ee477990d3 .alt-title span { } .page-section-673ee477990d3.section-expandable-true:not(.active-toggle):hover .mk-section-color-mask { opacity:0.2 !important; } .page-section-673ee477990d3 .expandable-section-trigger i { opacity:1; top:0 !important; }