by Jasmine Chennikara-Varghese, Greenlight Technologies
In less than three months, the European Union’s (EU) General Data Protection Regulation (GDPR) will take effect. The focus of GDPR is to strengthen and unify data protection for EU citizens. This impacts organizations that collect, analyze and store personal data within the EU or worldwide. Satisfying GDPR requirements is a complex undertaking that demands input and action from the IT department, legal department, line-of-business owners, and board-level executives. Lack of preparation and compliance failures can bring significant repercussions, including heavy fines.
The road to GDPR compliance includes identifying and monitoring sensitive personal data in the organization. What counts as regulated sensitive personal data is left purposely vague. For example, a common name like John Smith by itself may not be deemed personal data, since it cannot easily identify a person, or data subject. However, the common name plus a full mailing address would be enough to identify the person. That data then becomes subject to GDPR. As part of GDPR data discovery, these nuances have to be understood for all potentially personal data that is collected, processed and stored within critical business systems.
Along with personal data discovery, each piece of sensitive data must be mapped to the person, or data subject, it belongs to. That means sensitive data associated with data subject John Smith needs to be indexed to enable the correlations that satisfy other requirements of GDPR, including right to erasure, consent management and monitoring of GDPR-regulated data.
Identifying, indexing and effectively monitoring GDPR-regulated data in large, complex business landscapes requires actionable visibility into personal data managed across legacy, custom-built and commercial business applications and databases. Personal data monitoring provides insight into application user actions and activity against the regulated data. With continuous monitoring, organizations will know when someone reads John Smith’s customer data records or changes his credit card information in their business-critical systems. Traditional approaches to this challenge include SIEM solutions, which are strong at analyzing network, infrastructure, device and vulnerability scan data but often fall short in their native capability to extract and intelligently mine application and user activity data.
To address this gap, Greenlight Application Security Monitoring accelerates detection of potential data breaches with rapid auditing and reporting of user activities. Greenlight also proactively captures the evidence to support later investigations into actual breaches, enhancing awareness of the data exposed and the number of data subjects impacted.