Is your enterprise located in the EU, or does it collect and process the personal data of EU citizens? Then it's high time for you to adopt the new GDPR regulation before 25 May, 2018. Check out what the GDPR is and how ManageEngine can help you comply with this new mandate.
2. What's the GDPR?
The all new General Data Protection Regulation (GDPR) is a compliance mandate that unifies and standardizes the collection and processing of data belonging to EU citizens.
3. The GDPR's definition of personal data
Unique identifiers
• Name
• Location
• Email address
• Passwords
Online identifiers
• IP address
• Cookies
• RFIDs
Other data
• Physical, physiological, genetic, mental, economic, cultural, or social identity of natural persons
4. Do you need to comply?
• Is your enterprise in the EU?
• Do you process EU citizens' personal data?
If you answered YES to either question, then you need to comply with the GDPR before May 25, 2018.
7. The penalties for violation are huge!
Fines up to 20,000,000€, or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
8. What should you do to prepare?
• Ensure your company employs proper collection of personal data.
• Ensure your company securely processes personal data.
9. How should you collect it?
• Get proper consent before collecting and processing personal data.
• Know your data subjects' rights.
What do you collect?
• Personal data
10. _______________ THEIR
• Right to restrict data processing: Subjects have the right to stop enterprises from processing their data if the data is found to be inaccurate or incomplete, is processed unlawfully, or the purpose for which the data was collected is violated.
• Right to data portability: Data subjects can obtain and transfer their personal data from one environment to another at any point in time.
• Right to be forgotten: If subjects demand that enterprises delete or remove their personal data, then enterprises should do so.
• Right to be informed: Enterprises should provide fair processing information to the data subjects through a privacy notice. It emphasizes the need for transparency over how you use personal data.
• Right of access by data subjects: Data subjects can check and validate whether their information is processed fairly at any point in time.
• Right to rectification: If the data is found to be incomplete or inaccurate, subjects can demand that enterprises rectify any errors.
Articles 12 - 20
12. • If you're a Windows shop and use Active Directory to grant permissions to critical resources like personal data in your network, ADManager Plus can help you manage and report on every user permission change.
13. • If you use Exchange servers to facilitate email transactions, Exchange Reporter Plus can provide information on attachments by:
  • file name
  • extension
  • keywords
• Keep an eye on data transmissions happening over email.
14. • If you use Office 365 to facilitate data storage and processing, O365 Manager Plus provides extensive, web-based monitoring that tracks all activities happening in your Office 365 environment.
15. "Monitor and audit activities happening on all technology and platforms (including Windows, Linux/Unix, applications, mail servers, and cloud deployment) that are involved in personal data processing."
Article 24 #1
17. • Article 32 - 1(b) - "Ensure integrity, confidentiality, and availability of personal data processing systems and applications."
• Article 32 - 1(d) - "Regularly evaluate and assess the effectiveness of the technical measures that ensure data safety."
• Article 32 - 2 - "Audit all activities to detect any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed."
18. • If the personal data is stored in databases such as Oracle or MS SQL, Log360 helps audit all activities, including:
  • Access to personal data
  • Changes in access permissions
  • User activities
  • Critical changes to stored personal data
19. • If you store personal data in Windows file servers, use FileAudit Plus to audit your servers in real time and track:
  • Changes to files and folders
  • Permission changes
  • Unauthorized access
  • Files that are moved to a different location
21. • Detect the data breach within 72 hours
• Assess the impact of the data breach
• Report the data breach; include information on mitigation measures
22. Log360 can detect any data breaches instantly with its real-time alerting console and correlation engine. This solution:
• Lets you search through the logs with its powerful log search engine to find out how the breach happened.
• Helps you compile an incident report that has answers to the vital W's: who did what, when, and where.
23. Thank you!
Write to us at itsecurity-solutions@manageengine.com for more information on GDPR compliance and the ManageEngine solutions that help you comply with this requirement with ease.