GDPR and Oracle

In the previous post we talked about GDPR and how it could be enforced in the scope of SQL Server databases. We now cover the same topic but with Oracle databases in mind.

Please refer to GDPR Data Security requirements  as stated in the post. We will religiously walk the same task and activity structure for all RDBMs we cover. Let’s move fast to the identified GDPR tasks and requireements and then the identified database options, features and/or related products to implement recommendations.



Risk Assessment

  • Personal Data identification
  • Access, role and privilege analysis
  • Security configuration analysis

Attack Prevention

  • Encryption of data and data transfers
  • Anonimyzation/Pseudonymization of Personal Data
  • Personal Data Access Control


  • Audit implementation and centralization
  • Audit event notification implementation

As with SQL Server, Oracle provides a very rich of options and products to help us implement GDPR recommendations.

In this case, however, the necessary budget will probably be bigger.


Oracle built-in features and tools of the trade

Oracle databases provides the necessary tools and technologies to address each of the above mentioned tasks.


Risk Assessment

Attack Prevention




Surprise, surprise

As always with Oracle products licensing, watch your back ! Not all those long impressive products and options are free for immediate use.  Oracle Licensing is a subtle network of entangled “restricted-use” licenses and its management has become an art. Here are a few links on licensing that will get you set:

Enterprise Manager Data Masking and Subsetting pack.

Oracle Database Licensing Information – Options and Packs



Oracle database and its ecosystem provides a complete and rich set of features and a toolset to enforce GDPR.

Compared to SQL Server quite a few of these features are separate licensed options and/or products. From a practical point of view a balance should be found between licensing costs of an option/product and the development cost of a more “creative” solution (in APEX or PL/SQL) for some of the GDPR requirements, especially for user of Standard or Standard One database editions with a limited budget.

Next post will cover GDPR and Postgresql in the same way. Stay tuned.




Alexis is the founder of Aleph Technologies, a data infrastructure consulting and professional services provider based in Brussels, Belgium.

More Posts - Website

Follow Me: