Skip to main content


EU GDPR Compliance – Securing Data in Oracle HCM Cloud

Istock 871840512

Does your Organization conduct business and have a workforce in the EU? If so, EU General Data Protection Regulation (GDPR) applies to you.

EU General Data Protection Regulation (GDPR) is the data privacy and security law that came into effect in May 2018. It requires Organizations that gather and process personal data in the EU to follow strict data privacy and security standards. The GDPR will impose heavy fines for violating the law. Penalties run into millions of dollars and damage your organization’s reputation.

How Oracle HCM Cloud Can Help With EU GDPR Compliance

Oracle HCM Cloud is an ideal solution to stay in compliance with the GDPR and manage your workforce effectively. You can mitigate the risks of data breaches and stay in compliance with the GDPR data privacy requirements and the strict data security standards. Implementing the rich and powerful features available within the HCM Cloud product offerings can help you stay compliant.

Oracle - Guide to Oracle Cloud: 5 Steps to Ensure a Successful Move to the Cloud
Guide to Oracle Cloud: 5 Steps to Ensure a Successful Move to the Cloud

Explore key considerations, integrating the cloud with legacy applications and challenges of current cloud implementations.

Get the Guide

GDPR requires access to personal data must be limited to only those employees in your organization who need it. Oracle Cloud HCM Security Profiles provide a mechanism to control and limit the access to personal data and it’s processing and reporting. Security profiles are defined and assigned to specific job roles. These then get assigned to systems users that can view, transact, and report on personal data. Data can be secured by the area of responsibility of users and their business unit to further limit access. Security profiles provide the capability to further control access to other HCM data objects such as Organizations, payroll, positions, etc. Data security preview, diagnostic, and audit function tools are available to test and verify that users are correctly configured with the data roles.

Oracle Risk Management Access Certification and Advanced Controls 

Oracle Risk Management Access Certification offering with the Cloud HCM enables your Organization to perform a periodic audit users’ access. You can define and set up a certification project within the Risk Management to audit all existing roles or new user-role assignments since the last audit. Auditors also have the ability to receive email notifications as reminders and respond to links from the emails to navigate and complete the audit tasks to stay on track with the audit process.

Advanced Controls offering allows the separation of duties and proactive monitoring of users’ risky behaviors through their points of access. It mitigates risks of unwanted transactions and data breaches within the applications. Access models can be set up to define the risk logic using the combination of user roles and application privileges assigned to users who may perform undesired personal data processing or transactions. Controls can be set up based on the models which trigger incidents when an access violation occurs. Auditors can further investigate and resolve the incidents within the application. Intuitive graphic visualizations are available within the offering to aid in investigating and resolving the incidents. Simulations can also be created to see the steps that can be taken to resolve access conflicts identified by incidents and to prevent risky role assignments in the future.

Oracle Database Vault and Transparent Data Encryption

GDPR requires that Organizations handle data security by implementing technology safeguards such as encryption. Oracle Cloud HCM offers two data protection features, Oracle Database Vault and Transparent Data Encryption (TDE), as part of the Oracle Advanced Data Security option. Oracle Database Vault mitigates the risk of unauthorized access by system administrators from behind the scenes. It enables keystroke auditing to monitor any suspicious data access activity by hackers. TDE secures the sensitive personal data on the file system from being accessed or used wrongfully by encrypting the data. The master key of the encryption is stored within the Oracle Wallet. The master key can be retained with the organization’s data protection authorities to comply with the data protection regulation. These technologies can be implemented by subscribing to the Break-Glass service in Oracle Applications Cloud.

With the comprehensive and powerful set of tools and product offerings of Oracle HCM Cloud, your Organization can safely store and process personal data while staying with EU GDPR compliance requirements.

Perficient has the skills and expertise to help your Organization address the data privacy and security needs of EU GDPR.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Chakra Kosana

For over 20 years, Chakra Kosana has implemented Oracle EBS HCM and Financials applications globally. He has led the implementation effort of the Oracle EBS in various roles as Solution Architect, Project Manager and brings several skills to the table in IT, management, and leadership.

More from this Author

Follow Us