3

I have currently using Transaction replication in my production database and replicating the same database for internal purpose.

Due to GDPR compliance, we are going to encrypt our database customer information columns using Always Encryption.

I have found some articles says Always encryption doesn't support Transactional replication.

Are any other alternative solutions available for this? like a better option for transaction replication

Please suggest any other replication method to move the encrypted tables to another server.

Note: We have currently replicating nearly 350+ tables, so using manual jobs or queries is difficult to implement.

SQL Server Version: 2016

Nagaraj M
  • 480
  • 3
  • 17
  • Instead of articles, check [the documentation](https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-2017#feature-details) `The following features do not work on encrypted columns: Transactional or merge replication Distributed queries (linked servers)` . – Panagiotis Kanavos May 08 '18 at 10:06
  • You don't need encryption for GDPR though, unless stealing the DB disks is a common occurence. GDPR is about what you *store* on the disks, for how long and when it's deleted, and who has access to the data. Access is primarily enforced by using limited access accounts, restricting access through permissions and obviously, not using `sa` to connect to the database. Data retention or deletion is the job of DBAs and/or batch jobs. Encryption doesn't cover any of this – Panagiotis Kanavos May 08 '18 at 10:08
  • @PanagiotisKanavos Interesting view. I do agree that filesystem encryption only protects against physical theft. Furthermore when a database server itself is compromised the encryption keys of database-table encryption solutions is also compromised, so that does not help much either. However in the GDPR encryption is mentioned 4 times, among which: "the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:(a)the pseudonymisation and encryption of personal data;" – musicformellons May 11 '18 at 23:06

0 Answers0