![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure SQL Database
An Azure relational database service.
6,326 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 97%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
My understanding is that before you enable auditing you should classify your data and use column encryption, always encrypted and other methods to protect PII data.
Initially to analyze the risks on the organization and perform Data Protection Impact Assessment explained on GDPR Article 35, you can use Azure SQL Auditing as a tool to determine those risks.
GDPR Article 33 "Notification of a personal data breach to the supervisory authority" express that audit records should exist of all the processes related to personal data. Those are mechanisms you should create using tables with encrypted columns that you can show how data has been changing over time in case of regular GDPR audit processes and where Azure SQL Auditing should not be used to my knowledge. For meet the requirements of Article 33 you can use Advanced Threat Protection on Azure SQL and configure the "send email notifications" option that it offers.