FRENDS & GDPR
FRENDS is a fully GDPR-compliant integration platform. Learn more about the regulation and FRENDS here.
What is GDPR?
Regulation passed by the European Parliament to ensure data protection of all individuals in the EU
The regulation affects all systems that store or process personal data of any EU citizen
Personal data is any information related to a natural person, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Comes into effect on 25.5.2018
Maximum penalty of 4% of the organization's yearly revenue
FRENDS is a Data Processor Entity
In GDPR the personal data which is covered by the legislation has two distinct actors: Data Controller and Processor.
A controller is the entity that determines the purposes, conditions and means of the processing of personal data
A processor is the entity which processes that personal data in some manner on behalf of the controller
This means that our customers are identified as the data controllers while FRENDS is a data processor
In this regard, FRENDS will ensure that you, as the data controller, are able to fulfill all of your legal obligations regarding GDPR inside FRENDS
GDPR & Data Rights
Data processors such as FRENDS must be able to fulfill the following rights given to all individuals under GDPR:
FRENDS actively monitors possible data breaches on a platform level using Azure Security Center best practices outlined here (Detecting Threats With Azure Security Center)
We will commit to notifying you within 36 hours of a detected breach and its severity
This will give you enough time to notify your end users as a data controller of the breach
We will also expect you to notify us of a breach resulting in other systems within 72 hours
Right to Access
Under GDPR any individual within EU can ask you, the data controller, if their personal data is being processed, where and for what purpose
FRENDS has native monitoring tools and supports full data auditing, meaning you can find all integration flows where an individual's data has been processed
From this monitoring data you can discern where the data has been used and for what purpose
You can use any data field or combination of fields to search for integration flow executions containing an individual's data
Note that only data that has actually been processed in FRENDS can be searched. If for example FRENDS only transferred a secured file, where the contents of that file contain personal data, that is not considered to have been processed in FRENDS.
Right to be Forgotten
Under GDPR any individual within EU can ask that you, the data controller, erase all personal data regarding that individual
In FRENDS, just as you can find all integration flow instances containing an individual's data, those same integration flow instances can be deleted from all data locations within FRENDS using FRENDS native features.
Deleting an integration flow instance removes all data associated with that integration flow instance, meaning you will lose the data itself and the information on where it was used
Note that while you are able to remove personal information of an individual in FRENDS, FRENDS is not able to remove that information from the systems it has been integrated into
Using the features listed under 'Right to Access' you can find out specifically each system and application in which FRENDS has used the personal information
Privacy by Design
GDPR introduces the concept of 'Privacy by Design' which means that data controllers and processors should take steps to minimize the risk involved in handling personal data
In FRENDS we tackle this by enabling customers to use 'data minimization', where the integration flows can be implemented to only process the absolute minimal amount of personal data
This 'data minimization' can be implemented when accessing personal data or systems by dropping (scrubbing) data fields that contain unnecessary personal data
Data minimization can also be natively configured for FRENDS logging, meaning you can process data fields but drop/scrub them when logging monitoring and audit trail information
FRENDS also contains out-of-the-box fine grained user management tools, which you can use to limit the number of people who can view monitoring data containing personal information
User management can also be tailored to fit your organization's authentication protocols and security policies
When using FRENDS your data will pass through five components described here in perfect detail.
When executing integration flows, the actual data processing happens on a FRENDS Agent. Due to the hybrid architecture of FRENDS, Agents can be installed either on-premise or in the cloud
When executing integration flows the Agent first executes all of the required data processing directly in the virtual machine memory
After integration flow execution the Agent first locally persists the configured logging data, the level and fidelity of which can be freely configured by the customer, and then sends that data to the Service Bus in the next step.
Agents in the Cloud
In the cloud FRENDS Agents are hosted in a virtual private network dedicated for each customer
Each Agent has a dedicated Azure virtual machine resource placed in the virtual private network
Agents use D2v3-series virtual machines, described in more detail here
The Agents are hosted using two data centers within the EU: Azure North Europe (Ireland) and Azure West Europe (Netherlands)
In on-premise installations the FRENDS Agent is installed on a Windows Server specified by the customer
In these scenarios the customer is responsible for the security of the hosting server and all related concerns
Azure Service Bus
After an integration flow that has processed data has been executed, the data is sent to an Azure Service Bus queue. The connection between the Agent and the Service Bus is always secured with SSL using an internally generated FRENDS certificate.
Each customer agent has their own isolated and dedicated queues to ensure no data is contaminated by other customer installations
The Service Bus is hosted using two data centers within the EU: Azure North Europe (Ireland) and Azure West Europe (Netherlands)
The Service Bus is responsible for persisting the data until it can be processed to its final resting place in the FRENDS Logging Database
This means that the data can temporarily be persisted outside of transport in the Service Bus
To ensure this is not an issue, each message in the Service Bus is given a hard-capped time-to-live of 36 hours, after which the data is deleted regardless
Read more about the Azure Service Bus here
FRENDS Message Processor
The FRENDS Message Processor service is attached to the FRENDS User Interface and is responsible for reading the processed data from the Azure Service Bus and processing it to the FRENDS Logging Database.
Each customer agent has their own isolated and dedicated FRENDS Message Processor service to ensure no data is contaminated by other customer installations
The Message Processor service is hosted using two data centers within the EU: Azure North Europe (Ireland) and Azure West Europe (Netherlands)
The Message Processor service will not persist any of the data at any point and only processes it to a final format used by the FRENDS Logging Database
FRENDS Logging Database
The FRENDS Logging Database is the final resting place of any and all monitoring and audit trail information executed by the FRENDS Agents
Each customer agent has their own isolated and dedicated FRENDS Logging Databases to ensure no data is contaminated by other customer installations
The FRENDS Logging Database is hosted using two data centers within the EU: Azure North Europe (Ireland) and Azure West Europe (Netherlands)
The data is encrypted and secured according to the best practices outlined here
The monitoring and audit trail data contained in the FRENDS Logging Database is accessed through the FRENDS User Interface described below
Administrative technical access to customer specific FRENDS Logging Databases is strictly restricted to FRENDS employees only
FRENDS User Interface
The FRENDS User Interface is used to access the monitoring and audit trail data logged by the FRENDS Agents during integration flow executions
Each customer agent has their own isolated and dedicated FRENDS User Interface to ensure that access to each customer specific FRENDS User Interface is restricted to only the users configured by the customer using FRENDS User Management
The FRENDS User Interface is hosted using two data centers within the EU: Azure North Europe (Ireland) and Azure West Europe (Netherlands)
Access to the User Interface including Authentication and fine-grained authorization is implemented using OAuth 2.0 and OpenID protocols using Windows Identity Foundation
It is up to the customer using FRENDS to secure and limit access to sensitive data using FRENDS User Management