Russell McDermott, Sales, [email protected], +44 (0) 203 588 3023 x 2208
Address GDPR Requirements with Netwrix Auditor
How to Ask Questions
Type your question here
Click “Send”
Agenda
What the GDPR is
The key GDPR principles
The GDPR requirements we can assist you with
How to address the GDPR provisions with Netwrix Auditor
Q&A
Useful Resources
Prize Drawing
Why You Should Start Now
The GDPR impacts all organisations processing data of EU citizens
Fines for non-compliance are tremendous
The GDPR imposes tighter limits on the use of personal data
The GDPR Content
The General Data Protection Regulation (GDPR) is designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens, and to reshape the way organizations across the region approach data privacy.
• ~200 pages, 99 articles
• Organisational and technical requirements
http://www.eugdpr.org
Time until GDPR enforcement: 421 days
Necessary Vocabulary
o Data Controller
o Data Processor
o Personal Data
o …
eugdpr.org/glossary-of-terms.html
Key Data Protection Principles
1. Data Security
2. Data Accountability
3. Timely Response
4. Audit Trail
Address GDPR Requirements
Article 5. Processing of Personal Data, §1
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
How to achieve?
Control over access rights assignment
Review user access to sensitive content and data
Subscribe to the following reports: Files and Folders Deleted, Data Deletions, Files and Folders Moved, Files and Folders Renamed, and Files Copied
Article 5. Processing of Personal Data, §2
The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
How to achieve?
Demonstrate your data protection controls using a complete audit trail
Easily access archived audit data for investigations
Article 24. Responsibility of the Controller, §1
The controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
How to achieve?
Track system configuration changes
Track data access that posed a threat to personal data
Use reports to prove that all controls are in place
Article 25. Data Protection by Design, §1
The controller shall implement appropriate technical and organisational measures at the time of the determination of the processing means and at the time of the processing itself.
How to achieve?
Identify and evaluate the effectiveness of existing controls
Make the changes necessary to improve them
Review IT changes and access events across critical IT systems
Monitor installations and removals of software applications and hardware devices
Use interactive search to quickly find the information you need
Article 25. Data Protection by Design, §2
The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. In particular, such measures shall ensure that by default personal data are not made accessible to an indefinite number of natural persons.
How to achieve?
Ensure that only authorised users have access to personal data
Check the reports showing permission states and group membership states
Review reports that show enabled, disabled, expired and locked user accounts
Article 32. Security of Processing, §1
The controller and the processor shall implement measures to ensure a level of security appropriate to the risk, including the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, and the ability to restore the availability of and access to personal data.
How to achieve?
Use overview dashboards to see what is happening in your IT infrastructure
Revert unauthorised or accidental Active Directory changes
Article 32. Security of Processing, §4
The controller and processor shall take steps to ensure that any person who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.
How to achieve?
Stay aware of any employee activity outside business hours
Review the Access to Archive Data report
Use the video recording capability
Article 33. Notification of a Data Breach, §1
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.
How to achieve?
Respond quickly to threat patterns using alerts
Assign a group of people to monitor critical IT systems
Netwrix Auditor Platform
Netwrix Auditor
A visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.
Netwrix Auditor Benefits
Detect Data Security Threats – On Premises and in the Cloud
Bridges the visibility gap by delivering security analytics about critical changes, state of configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior.
Pass Compliance Audits with Less Effort and Expense
Provides the evidence required to prove that your organization’s IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST 800-53, COBIT, ISO/IEC 27001 and other standards.
Increase the Productivity of Security and Operations Teams
Relieves IT departments of manually crawling through weeks of log data to get information about who changed what, when and where, and who has access to what.
Netwrix Auditor Applications
o Active Directory
o Azure AD
o Exchange
o Office 365
o Windows File Servers
o EMC
o NetApp
o SharePoint
o Windows Server
o VMware
o SQL Server
o Oracle Database
Netwrix Customers
Financial
State, Local Government/Education
Technology/Internet/Retail/Food/Other
Heavy Industry/Engineering/Manufacturing/Transportation
About Netwrix Corporation
Year of foundation:
2006
Headquarters location:
Irvine, California
Global customer base:
over 7000
Recognition:
Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others
Awards
All awards: www.netwrix.com/awards
Read more about the GDPR: netwrix.com/GDPR_Compliance.html
Watch the intro webinar about the GDPR: get.netwrix.com/webinar-what-the-gdpr-is/
Download the GDPR mapping: get.netwrix.com/gdpr-compliance/
Free Trial: setup in your own test environment:
On-premises: netwrix.com/freetrial
Virtual: netwrix.com/go/appliance
Cloud: netwrix.com/go/cloud
Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive
Live Demo: product tour with a Netwrix expert: netwrix.com/livedemo
Contact Sales to obtain more information: netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions: netwrix.com/webinars
Next Steps
Thank You!