Is your enterprise located in the EU or does it collect and process personal data of the EU citizens? Then it's high time for you to adopt the new GDPR regulation before 25 May, 2018. Check out what's GDPR and how ManageEngine can help you comply with this new mandate.
The all new General Data
(GDPR) is a compliance
mandate that unifies and
collection and processing
of data belonging to EU
• Email address
• IP address
• Physical, physiological,
economic, cultural, or
social identity of natural
Do you need to
• Is your enterprise in the EU?
• Do you process EU citizens'
If you answered YES to either
question, then you need to
comply with the GDPR before
May 25, 2018.
The penalties for
violation are huge!
Fines up to 20,000,000€, or
4% of the total worldwide
annual turnover of the
preceding financial year,
whichever is higher.
What should you do to prepare?
Ensure your company
employs proper collection of
Ensure your company
How should you collect it?
• Get proper consent before
collecting and processing
• Know your data subjects' rights.
What do you collect?
• Personal data
• Right to restrict data processing: Subjects have
the rights to stop enterprises processing their data if the
data is found to be inaccurate or incomplete, is
processed unlawfully, or the purpose for which the data
was collected is violated.
• Right to data portability: Data subjects can obtain
and transfer their personal data from one environment to
another at any point in time.
• Right to be forgotten: If subjects demand enterprises
to delete or remove their personal data, then enterprises
should do so.
• Right to be informed: Enterprises should
provide fair processing information to the data
subjects through a privacy notice. It emphasizes
the need for transparency over how you use
• Right of access by data subjects: Data
subjects can check and validate whether their
information is processed fairly at any point in time.
• Right to rectification: If the data is found
incomplete or inaccurate, subjects can demand
enterprises to rectify any errors.
Articles 12 - 20
Deploy technical and
organizational measures to stop
• If you're a Windows shop and use Active Directory to grant
permissions to critical resources like personal data in your network,
ADManager Plus can help you manage and report on every user
• If you use Exchange servers to facilitate email transactions,
Exchange Reporter Plus can provide information on attachments by:
• file name
• Keep an eye on data transmissions happening over email.
• If you use Office 365 to facilitate data storage and processing,
O365 Manager Plus provides extensive, web-based monitoring
that tracks all activities happening in your Office 365 environment.
"Monitor and audit activities
happening on all technology
and platforms (including
applications, mail servers, and
cloud deployment) that are
involved in personal data
Article 24 #1
• Article 32 - 1(b) - "Ensure integrity,
confidentiality, and availability of personal
data processing systems and
• Article 32 - 1(d) - "Regularly evaluate
and assess the effectiveness of the
technical measures that ensures data
• Article 32 - 2 - "Audit all activities to
detect any accidental or unlawful
destruction, loss, alteration, unauthorized
disclosure of, or access to personal data
transmitted, stored or otherwise
• If the personal data is stored in databases such as Oracle or MS SQL,
Log360 helps audit all activities, including:
• Access to personal data
• Changes in access permissions
• User activities
• Critical changes to stored personal data
• If you store personal data in Windows file servers, use FileAudit Plus
to audit your servers in real time and track:
• Changes to files and folders
• Permission changes
• Unauthorized access
• Files that are moved to a different location
Log360 can detect any data breaches instantly with its real-time alerting
console and correlation engine. This solution,
• Lets you search through the logs to find out how the breach
happened with its powerful log search engine.
• Helps you compile an incident report that has answers to the vital
W's: who did what, when, and where.
Write to us at firstname.lastname@example.org
for more information on the GDPR compliance and ManageEngine
solutions that help complying with this requirement at ease.