How GDPR compliant is Endpoint DLP Plus?

Is GDPR your top concern?

GDPR (General Data Protection Regulation) furor has reached its peak and the top concern is to provide any individual the control over his/her private data by enforcing strict commands over the parties accessing or processing the data across the world. This not only has an impact on EU. It also affects the countries where there is a free flow of personal data.

There is a lot of talk about the GDPR compliance, requirements and the penalties to be paid for non-compliance. This is just nothing! GDPR doesn't say that the enterprises should not acquire or process personal data. Where as, they have a set of rules to sick to. These rules are set just to ensure end user's privacy.

How benefited are you?

The primary focus of GDPR is to provide end users the right to see through how, where and what amount of their private data is been stored, processed and used. Here the private data refers to Personally Identifiable Information (PII) i.e, any information that directly or indirectly reveals the identity of an individual. With GDPR one can,

  1. Become aware on how their personal data is been used for sales and marketing.
  2. Obtain information on their personal data used, processed or stored in any enterprise.
  3. Demand any enterprise to completely remove all their personal data within stipulated time.

How GDPR compliant is Endpoint DLP Plus?

Endpoint DLP Plus as an enterprise handling personal information of the end users, has taken steps towards GDPR compliance to ensure end user privacy. Endpoint DLP Plus with the revised Terms of Service and workflow has various features to ensure user privacy.

Your privacy is our priority

Whenever your data is obtained or shared across the integrated applications, as per GDPR article 7 - Conditions for Consent, Endpoint DLP Plus completely throws light on what data is acquired, its purpose and where it is being stored with explicit consents. The user has the complete liberty to approve or with draw the consents anytime.

Conceal Private Data while reporting

Generating or exporting reports for various purposes creates all the possible odds and puts user's private data at risk. With Endpoint DLP Plus Report Settings, you can choose to mask/hide all the Personally Identifiable Information (PII) while generating reports. This way, even while sharing the generated reports, you can protect end-user's personal information from getting spilled over.

Role based access control

You have too many technicians working with Endpoint DLP Plus and you let them access every detail of your enterprise? With User Management, you can tailor roles or use the predefined roles to define scope for each technician and refine them from accessing information elevated to their privilege.

Breach Notification

Endpoint DLP Plus being an on-premises solution does not hold any critical personal data of the customers. Every detail is stored in a database within the customer's enterprise. However, in accordance with GDPR article 33, whenever Endpoint DLP Plus (data processors) is impacted by a data breach, the customers will be notified on the breach, its effects along with the relevant fixes. Similarly, 

  1. Any personal information such as an e-mail, you provide during your evaluation or the purchase will be used only in accordance with ManageEngine Privacy Policy
  2. We will be notifying you with our latest advancements and offers through an e-mail which is completely based on your consents and subscriptions. You are given the complete liberty to unsubscribe to any of our notifications.
  3. Whenever a vulnerability is detected in Endpoint DLP Plus, we ensure to duly notify customers on its impacts along with the fixes.
  4. We do not acquire any information from your database without your consent. Whenever you contact support or enable automatic upload of logs for diagnostic purposes, only the relevant and required data (such as server side or agent logs) is obtained without any Personal information.

Right to Erasure

Whenever a technician/user is removed, as per GDPR article 17 Endpoint DLP Plus does not retain any information of the particular user except for the user name as it is required for audit and legal purposes

Right to Information

Endpoint DLP Plus users can request for the complete information on what amount of their data is being obtained, processed or stored. Endpoint DLP Plus as per GDPR article 15 is liable for the information acquired and shall provide complete information on the requested data within promised duration.

Secure your communication

GDPR is more of securing user data. Endpoint DLP Plus is used in processing personal information in an enterprise such as computer name, user name and IP address. There is always a constant flow of personal data between Endpoint DLP Plus and the integrated applications. Here arises a serious need for a secured communication. The following settings will aid in avoiding data breaches and unexpected data leaks.

  1. Endpoint DLP Plus lets you encrypt the communication between the agent and the server. You can also encrypt any request reaching the server with a HTTPS protocol.
  2. Endpoint DLP Plus is capable of managing multiple Active Directories and workgroups. So, your server is always in sync with your domain controller. However, our technical or support teams do not have any access to read your AD elements. You can protect this communication with the LDAP SSL certificate.
  3. Restrict your clients from uninstalling Endpoint DLP Plus agent or stop its service from services.msc which is again equivalent to agent uninstall. This will prevent your users from getting out of your control.