Organizations collect and process a huge amount of personal/sensitive personal data for their daily operations. To reduce the risk of a data security breach, and to provide data subjects with more control over their personal data, the General Data Protection and Regulation (GDPR) mandates:
ManageEngine DataSecurity Plus helps address a few of these requirements by discovering the presence and location of sensitive data, analyzing the associated risks, and preventing the leak or theft of business-critical data, not just sensitive personal data.
Learn how to discover, track, and protect personal data to comply with the GDPR using DataSecurity Plus.
Let's take a look at some of the common GDPR articles, and learn how DataSecurity Plus can help you comply with these requirements easily:
|What the GDPR article say:
|What you should do:
|How DataSecurity Plus helps:
Personal data should be adequate, relevant, and limited to what is necessary.
|Remove redundant, obsolete, and trivial data, i.e. unnecessary files from your data stores.
|Finds and deletes junk data including stale, duplicate, and orphaned files, and helps ensure that only required, relevant data is stored.
Personal data should be protected against accidental loss, destruction, or damage.
|Bring in the right technical and organizational measures to ensure the integrity, security, and confidentiality of personal and sensitive data.
To help maintain data integrity:
To help maintain data security:
The data subject has the right to request what information about them is being processed.
|Locate and share all information about the data subject stored by your organization.
|Finds the personally identifiable information (PII) of a specific user using RegEx or by matching a unique keyword, e.g. customer ID, name, etc. across Windows file server and failover cluster environments.
The controller shall provide a copy of the data undergoing processing.
|Share an electronic copy of all data relevant to the data subject stored by the organization.
|Identifies the location where personal/sensitive personal data is stored to facilitate further processes.
The data subject can request the controller to rectify inaccurate information concerning him/her.
|Locate and revise all instances of inaccurate information about the data subject.
|Uses data discovery to find instances of data subject's personal/sensitive personal data using a unique keyword set, e.g., national identification number, credit card details, license number, etc.
In compliance with guidelines mentioned in the law, the data subject has the right to request the controller to erase all information concerning him/her.
|Find and delete all instances of the data subject's personal/sensitive personal data.
|Locates all the files containing instances of the data subject's information by matching keywords.
Appropriate data protection policies are to be implemented to protect the rights of data subjects.
|Implement necessary technical and organizational measures to ensure high standards of data privacy.
Practice data minimization and ensure that personal data is not accessible by an indefinite number of individuals.
|Locate and roll back excessive privileges and permissions given to users.
A record of all processing activities along with details on the sensitive data processed and the technical measures used to safeguard the data shall be maintained.
|Figure out which data is sensitive, who can access it, and set up auditing so that you have a foolproof record of what is happening to your data. Maintain accurate details on the measures taken to ensure data security.
Technical and organizational measures to address the risk in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted or stored shall be implemented.
|Implement preventive and detective measures to protect the data being processed from a security incident.
To address the risk of potential data leaks:
To address the risk of unauthorized accesses or disclosure:
To address the risk of accidental or unlawful destruction:
In case of a personal data breach, the notification should include measures taken to address and mitigate the possible adverse effects of the personal data breach.
|Analyze and investigate the potential causes and consequences of a data breach.
|Helps analyze the root cause and the scope of the data breach using extensive records on all file and folder related activities in Windows file servers, failover clusters, and workgroup environments. Provides details on who accessed what, when, and where.
A data protection impact assessment should include measures envisaged to address risks including safeguards and safety measures to ensure the protection of personal data.
|Identify and assess risks to your sensitive personal data. Evaluate the risk and implement measures to mitigate the risk.
Disclaimer: Fully complying with the GDPR requires a variety of solutions, processes, people, and technologies. This page is provided for informational purpose only and should not be considered as legal advice for GDPR compliance. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.