I'm looking to redeploy a server that runs a PHP application managing medical data, and I need to ensure it's compliant with GDPR since I'm in the EU. Right now, it's running on Debian, but I realize it needs updating to meet compliance standards. I'm considering a few options: AlmaLinux with support, Ubuntu LTS, Red Hat Enterprise Linux (RHEL), or sticking with Debian Stable. I'm aware that choosing the right distro is just the first step; there are many technical measures to take for full compliance. I don't have a preference between EL and Debian-based distros. I've researched and found that the EL options are often recommended for their security and ability to handle critical data, plus users often mention SELinux as an effective tool for securing applications. While I have experience with SELinux and AppArmor, I prefer SELinux for its effectiveness, despite its complexity. From a geopolitical standpoint, I think using an EU-based distro like Ubuntu LTS might be safer, but I'm unsure if that's a valid concern. Additionally, for anyone thinking about containers, I'm not going that route just yet. I'd appreciate any suggestions from experienced admins!
4 Answers
If I had the budget, I'd go with RHEL. It's got a great web interface, and while it's a bit pricey, the support is solid. I'd suggest looking into the certification it provides for GDPR.
What's the issue with Debian for GDPR compliance? I genuinely want to understand if there are specific concerns with it that I should know about.
Honestly, the choice of distro is less crucial than how it's configured. Focus on setting up the necessary security features and compliance tools, and you should be fine!
Thanks for your input! I guess I just want to ensure I start with something that's known for good security practices.
Have you thought about using SUSE? We run all our SAP systems on SLES, and it has a strong focus on GDPR compliance.
Are you talking about the Cockpit interface? I heard it's pretty user-friendly.