There is a strong international trend towards greater protection of personal data. With GDPR (General Data Protection Regulation) in place, the European Union has a comprehensive law that also serves as a model for other countries.
As the world market leader in desktop databases, Microsoft Access is a prominent player in terms of data protection. Millions of people and organizations use Access to manage vast amounts of data, often sensitive and personal. Therefore, if you are responsible for data processing with Access you should know what protection measures to follow with your database applications.
What does modern data protection in the form of GDPR require of companies, IT and especially database developers?
In a nutshell, it is a question of lawful processing for a clear purpose and of keeping data subjects well informed. From a technical/organizational point of view, the GDPR requires a level of data protection that is appropriate to the risk to the data subject and the scope of the processing, as well as being technically state of the art.
As a database management system, Access offers "natural" and built-in features to meet some of these requirements. With its database and RAD capabilities, data can be conveniently managed. It has the database password, ACCDE format, Runtime version, startup options and more.
On the other hand, Access has inherent limitations because it is file-based, it does not provide a built-in user management, some options can be bypassed, etc. However, most of these limitations can be remedied by using SQL Server as the data-holding backend for Access applications.
Three experienced developers and data protection officers explain all these aspects in detail in their whitepaper, GDPR for Database Developers. Please visit this whitepaper for more information.
Karl Donaubauer is an independent database developer in Vienna, Austria, and organizer of the two biggest conferences for Microsoft Access: The German Access Developers Conference AEK and the Access DevCon in Vienna.