Ease out the GDPR adoption with ManageEngine

Is your enterprise located in the EU, or does it collect and process the personal data of EU citizens? Then it's high time for you to adopt the new GDPR before 25 May, 2018. Check out what the GDPR is and how ManageEngine can help you comply with this new mandate.

Published in: Software

  1. The GDPR. Are you ready?
  2. What's the GDPR? The all-new General Data Protection Regulation (GDPR) is a compliance mandate that unifies and standardizes the collection and processing of data belonging to EU citizens.
  3. The GDPR's definition of personal data. Unique identifiers: • Name • Location • Email address • Passwords. Online identifiers: • IP address • Cookies • RFIDs. Other data: • Physical, physiological, genetic, mental, economic, cultural, or social identity of natural persons
  4. Do you need to comply? • Is your enterprise in the EU? • Do you process EU citizens' personal data? If you answered YES to either question, then you need to comply with the GDPR before May 25, 2018.
  5. Why is there so much buzz around the GDPR?
  6. The rules are strict!
  7. The penalties for violation are huge! Fines up to 20,000,000€, or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
  8. What should you do to prepare? • Ensure your company employs proper collection of personal data. • Ensure your company securely processes personal data.
  9. How should you collect it? • Get proper consent before collecting and processing personal data. • Know your data subjects' rights. What do you collect? • Personal data
  10. Data subjects' rights (Articles 12 - 20) • Right to restrict data processing: Subjects have the right to stop enterprises from processing their data if the data is found to be inaccurate or incomplete, is processed unlawfully, or the purpose for which the data was collected is violated. • Right to data portability: Data subjects can obtain and transfer their personal data from one environment to another at any point in time. • Right to be forgotten: If subjects demand that enterprises delete or remove their personal data, then enterprises should do so. • Right to be informed: Enterprises should provide fair processing information to the data subjects through a privacy notice. It emphasizes the need for transparency over how you use personal data. • Right of access by data subjects: Data subjects can check and validate whether their information is processed fairly at any point in time. • Right to rectification: If the data is found to be incomplete or inaccurate, subjects can demand that enterprises rectify any errors.
  11. Deploy technical and organizational measures to stop breach attempts.
  12. • If you're a Windows shop and use Active Directory to grant permissions to critical resources like personal data in your network, ADManager Plus can help you manage and report on every user permission change.
  13. • If you use Exchange servers to facilitate email transactions, Exchange Reporter Plus can provide information on attachments by: • file name • extension • keywords • Keep an eye on data transmissions happening over email.
  14. • If you use Office 365 to facilitate data storage and processing, O365 Manager Plus provides extensive, web-based monitoring that tracks all activities happening in your Office 365 environment.
  15. "Monitor and audit activities happening on all technology and platforms (including Windows, Linux/Unix, applications, mail servers, and cloud deployment) that are involved in personal data processing." Article 24 #1
  16. Security of data processing
  17. • Article 32 - 1(b) - "Ensure integrity, confidentiality, and availability of personal data processing systems and applications." • Article 32 - 1(d) - "Regularly evaluate and assess the effectiveness of the technical measures that ensure data safety." • Article 32 - 2 - "Audit all activities to detect any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed."
  18. • If the personal data is stored in databases such as Oracle or MS SQL, Log360 helps audit all activities, including: • Access to personal data • Changes in access permissions • User activities • Critical changes to stored personal data
  19. • If you store personal data in Windows file servers, use FileAudit Plus to audit your servers in real time and track: • Changes to files and folders • Permission changes • Unauthorized access • Files that are moved to a different location
  20. Oops! Data breach?!
  21. • Detect the data breach within 72 hours • Assess the impact of the data breach • Report the data breach; include information on mitigation measures
  22. Log360 can detect any data breaches instantly with its real-time alerting console and correlation engine. This solution: • Lets you search through the logs to find out how the breach happened with its powerful log search engine. • Helps you compile an incident report that has answers to the vital W's: who did what, when, and where.
  23. Thank you! Write to us at itsecurity-solutions@manageengine.com for more information on GDPR compliance and the ManageEngine solutions that help you comply with this requirement with ease.
