Q: Is SentinelDB GDPR compliant and why?
A: Yes. SentinelDB implements all the technical requirements of GDPR, following the “privacy by design” principle, extensively utilizing encryption and providing functionality to implement the right to erasure and pseudonymization. If you store all personal data inside SentinelDB and only non-personal or non-identifiable data outside, you are covered in terms of data storage when GDPR is concerned. Note, however, that GDPR contains not only technical requirements, but organizational ones as well – even though an organization is storing personal data properly, this doesn’t mean that the organization can breach GDPR with its practices and procedures. Full compliance strongly depends on technical compliance, but is not limited to it.
Q: Is SentinelDB HIPAA compliant and why?
A: Yes. SentinelDB implements all the technical requirements of HIPAA by providing a way to de-identify your data and store the sensitive parts in a very secure, encrypted datastore. Our underlying infrastructure (AWS) is HIPAA-compliant as well. Additionally, we offer BAAs (Business Associate Agreements), as per HIPAA requirements. As with GDPR, HIPAA compliance is not limited to the technical aspects of data storage and your organization has to account for that.
Q: If another data protection legislation is applicable, is SentinelDB compliant?
A: Generally – yes. Local legislation can have some specifics (e.g. location requirements) which we don’t cover out-of-the-box, but the general principles underlying all data protection regulations are covered by SentinelDB. If you have concerns about particular data protection legislation, contact us and we will do the required legal analysis.