Top X GDPR Assessment Tools
By: Rajivarnan.R
Cyber Security Analyst
What is GDPR?
The European Parliament adopted the GDPR in April 2016, replacing an outdated data
protection directive from 1995. It carries provisions that require businesses to protect
the personal data and privacy of EU citizens for transactions that occur within EU
member states. The GDPR also regulates the exportation of personal data outside the
EU.
The provisions are consistent across all 28 EU member states, which means that
companies have just one standard to meet within the EU. However, that standard is
quite high and will require most companies to make a large investment to meet and to
administer.
Why does the GDPR exist?
The short answer to that question is public concern over privacy. Europe in general has long had
more stringent rules around how companies use the personal data of its citizens. The GDPR
replaces the EU’s Data Protection Directive, which went into effect in 1995. This was well before
the internet became the online business hub that it is today. Consequently, the directive is outdated
and does not address many ways in which data is stored, collected and transferred today.
How real is the public concern over privacy? It is significant, and it grows with every new high-
profile data breach. According to the RSA Data Privacy & Security Report, for which RSA
surveyed 7,500 consumers in France, Germany, Italy, the UK and the U.S., 80 percent of
consumers said lost banking and financial data is a top concern. Lost security information (e.g.,
passwords) and identity information (e.g., passports or driving license) were cited as a concern of
76 percent of the respondents.
An alarming statistic for companies that deal with consumer data is the 62 percent of the
respondents to the RSA report who say they would blame the company for their lost data in the
event of a breach, not the hacker. The report’s authors concluded that, “As consumers become
better informed, they expect more transparency and responsiveness from the stewards of their
data.”
Lack of trust in how companies treat their personal information has led some consumers to take
their own countermeasures. According to the report, 41 percent of the respondents said they
intentionally falsify data when signing up for services online. Security concerns, a wish to avoid
unwanted marketing, or the risk of having their data resold were among their top concerns.
The report also shows that consumers will not easily forgive a company once a breach exposing
their personal data occurs. Seventy-two percent of US respondents said they would boycott a
company that appeared to disregard the protection of their data. Fifty percent of all respondents
said they would be more likely to shop at a company that could prove it takes data protection
seriously.
“As businesses continue their digital transformations, making greater use of digital assets, services,
and big data, they must also be accountable for monitoring and protecting that data on a daily
basis,” concluded the report.
What types of privacy data does the GDPR protect?
• Basic identity information such as name, address and ID numbers
• Web data such as location, IP address, cookie data and RFID tags
• Health and genetic data
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation
Which companies does the GDPR affect?
Any company that stores or processes personal information about EU citizens within EU states
must comply with the GDPR, even if they do not have a business presence within the EU. Specific
criteria for companies required to comply are:
• A presence in an EU country.
• No presence in the EU, but it processes personal data of European residents.
• More than 250 employees.
• Fewer than 250 employees but its data-processing impacts the rights and freedoms of data
subjects, is not occasional, or includes certain types of sensitive personal data.
That effectively means almost all companies.
Top tools to assess, implement, and maintain GDPR compliance
GDPR Assessment Tools
• Snow Software GDPR Risk Assessment
It identifies more than 23,000 application versions that hold or transmit
personal data. It also provides visibility of devices, users and applications,
whether on premises, in the cloud or mobile. Passive scanning means
agents do not have to be installed on endpoints. It can flag devices that do
not have appropriate GDPR security controls so that the organization
knows where its data is, who is using it and how it is protected.
• The International Association of Privacy Professionals (IAPP) & TRUSTe GDPR Readiness Assessment tool
This tool is available as a special single-user version of the TRUSTe
Assessment Manager. Created for IAPP members, it contains more than 60
questions mapped to key GDPR requirements and produces a gap analysis
with recommended steps for remediation. The assessment tool is cloud-
based and does not require a software download; IAPP members can
activate a free account. It integrates with a variety of existing applications
and hosting environments, including Amazon Web Services and Alibaba
Cloud.
• The DB Networks DBN-6300
This is a security appliance using artificial intelligence and deep protocol
analysis to give visibility into database infrastructure activities. It also
non-intrusively discovers databases containing PII and connected
applications, and automatically maps how the information is being
processed.
The DBN-6300 performs passive scanning on a network terminal access
point rather than using active scanning, which can miss undocumented
databases. It is available as a physical appliance or in an Open
Virtualization Format (OVF) and supports database management systems
including Oracle server, Microsoft SQL Server, and SAP Sybase ASE.
The virtual machine supports VMware vSwitch, dvSwitch, and a software-defined
network (SDN) platform configured to allow network tapping.
• Opus Global’s Third-Party Compliance
software as a service (SaaS) solution moves assessment into the supply
chain by identifying third parties with whom their customers’ personal
data is shared. Questionnaires about data security controls are
automatically sent to third-party users. The tool analyzes responses to
determine whether they comply with GDPR requirements and provides
recommendations for remediation. This allows the organization to fully
document who has access to covered data and how it is protected. This
SaaS solution requires no hardware, software, or IT infrastructure.
• Microsoft GDPR benchmark assessment tool
The Microsoft GDPR Detailed Assessment tool consists of an Excel
workbook, a Power BI output file, and a PowerPoint template for customer
discussions. The Excel file is made up of yes/no questions, grouped by
theme and sub-scenario. The four themes are Discover, Manage, Protect,
and Report (DMPR), and the sub-scenarios are more granular activities
within those themes.
The backend mechanics for how recommendations are generated are hidden
by default and can be accessed by unhiding the hidden tabs. Use caution if
making any changes to the hidden tabs, as this could break key analysis
formulas, as well as the outputs in Power BI. The Power BI output file is
linked to the Excel file and provides high-level visualizations of the
end-customers’ maturity overall and within each theme. It also generates
recommendations to help customers improve their GDPR maturity within
each theme.
Additionally, the GDPR Detailed Assessment tool provides integration
with Microsoft Compliance Manager, enabling partners to work with their
customers on assessing the GDPR compliance posture for the customers’
assets in the Microsoft cloud, such as Office 365.
• Microsoft GDPR readiness assessment tool
The Discovery capabilities in Cloud App Security, Microsoft’s CASB
solution, can now help you determine whether your cloud apps and
services comply with GDPR requirements, so you can take corrective
action if necessary. Sourcing from a catalog of more than 16,000 apps,
Cloud App Discovery enables you to identify which cloud apps and
services are being used in your organization.
Before today, the service leveraged 60 different parameters, including
regulatory certifications, industry standards, and best practices, to assign
a risk score to each one of those apps. We have added 13 new components
to the risk assessment, directly aligned to GDPR requirements, to provide
you with a more comprehensive GDPR readiness overview for your
organization. In cases where a cloud provider is listed as not GDPR ready,
you will also be able to see which GDPR controls have not been
implemented by the cloud service provider.
GDPR Implementation Tools
• Secureprivacy.ai
is an automated consent management solution to make websites compliant
with GDPR requirements for obtaining informed consent from users for
collection and use of data. It also allows them to opt out. Once installed,
the Secureprivacy.ai script provides granular page-by-page notifications
for the appropriate opt-in and opt-out requirements. Screenshots are saved
to document user consent and are available through a dashboard. The
solution is formatted for both desktop and mobile devices and includes a
plugin for users of WordPress. Documentation includes the user IP address
and location and can be easily exported for business and regulatory uses.
• Datum Information Value Management for GDPR
is a special edition of its information governance software that is
preconfigured with GDPR base processes, rules, standards, templates, and
frameworks. It aligns an organization’s data with regulatory requirements,
identifying the data that is covered under the EU privacy rules and the
capabilities and controls that are required. The tool discovers the data and
how it is used and maps it to the organization’s governance process. This
allows data to be used and shared with stakeholders across the
organization within the requirements of the privacy regulations, and
documents compliance for regulators.
• SAS for Personal Data Protection
creates a unified environment with a single user interface for accessing
and managing data. It allows organizations to access, identify, govern,
protect, and audit personal data so that they can comply with GDPR
requirements that personal data must not only be protected, but must be
removed upon request. This combination of SAS software and services
allows organizations to blend data types from multiple sources such as
Oracle, Apache, and Hadoop, identifying personal data in structured and
unstructured sources. Its data governance features enforce policies and
protect data through role-based masking and encryption that secures
sensitive information while at rest and in use.
• Neupart Secure GDPR
Neupart is based on the company’s Secure ISMS security management
system. Added features designed for companies to implement and
maintain GDPR processes include templates, data protection and impact
assessment tools, data breach notification capability, and gap analysis to
track your current compliance status. It also provides a data protection
officer (DPO) dashboard so DPOs have a single view of key compliance
areas.
• Neo4j
Neo4j is a graph solution that provides visibility into the organization’s
data and the connections between and among data. Personal data can
reside in many applications at many locations across the enterprise and in
the cloud, and must be protected and managed in all locations.
Organizations must be able to track data through its lifecycle, from its
acquisition through use to removal. To track and control the data,
connections among multiple systems and data silos must be understood.
The Neo4j native graph database provides this visibility, together with
analytics and data integration. It is available either as a download or an
online tool.
• Aircloak Insights
allows organizations to make use of protected data by anonymizing it for
analysis so that the results can be shared without restrictions under GDPR.
The solution consists of two pieces of software (the Air web frontend and
the Cloak anonymization engine) running on two Docker containers for
virtualization on Windows and Linux. It works with most popular
databases, including a large set of SQL databases.
GDPR Maintenance Tools
• BigID BigOps
A scanning tool that uses machine learning to continuously track changes
in PII across the production and development environments in the data
center or cloud. Machine learning allows the software to understand
known personal data and its contexts, and then discover and catalog all
personal data across the data stores. It integrates with automation
frameworks such as Jenkins to monitor changes to the data across the
development lifecycle, helping to ensure that it remains in compliance
with GDPR requirements. It also helps with requirements for data breach
response by allowing an organization to compare its data with that in a
purloined data dump to determine within minutes if there has been a
breach.
• OneTrust privacy management software platform
Automates tasks to enable continued compliance with GDPR requirements
for website cookies and maintenance of subject request portals. OneTrust
conducts ongoing scans of an organization’s web pages to identify and
categorize cookies and provides a transparent mechanism for obtaining
required cookie consents. The cookie compliance solution includes
continuous scanning against a database of 5.5 million cookies.
Organizations also can use OneTrust to create a portal and branded web
form to deal with user requests for managing PII under GDPR. It can track
and document user requests and the organization’s response.
• FileCloud
FileCloud is known as an enterprise file sharing and syncing platform. It
now offers features to ease tasks associated with some GDPR
requirements. Privacy settings make it easier to ask users for consent while
accessing content from the cloud. Administrator tools allow for the
deletion or anonymization of PII for right to be forgotten requests, or to
reply to requests for PII that a company has on an individual. FileCloud
also addresses the data portability requirement with the ability to export in
standard formats.
• Loom Systems Sophie for GDPR
which Loom describes as an algorithmic IT operations (AIOps) tool, uses
artificial intelligence (AI) to “analyze logs and unstructured machine data
for immediate visibility into the IT environments.” The product has a
“Find my PII” feature that automates the collection of sensitive logs. This
makes it easier to comply with GDPR’s right to be forgotten mandate, as it
allows you to quickly locate and delete personal data when a request to
remove is received.
End

More Related Content

What's hot

Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-cloud
drewz lin
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
Ray Bugg
 

What's hot (20)

Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the Cloud
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston  - Practical data privacy and de-identification techniquesISACA Houston  - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
BigId GDPRcompliance
BigId   GDPRcomplianceBigId   GDPRcompliance
BigId GDPRcompliance
 
PREPARING FOR THE GDPR
PREPARING FOR THE GDPRPREPARING FOR THE GDPR
PREPARING FOR THE GDPR
 
Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020Top 10 GDPR solution providers 2020
Top 10 GDPR solution providers 2020
 
Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Practical Guide to GDPR 2017
Practical Guide to GDPR 2017
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-cloud
 
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with Varonis
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
GDPR compliance with Varonis
GDPR compliance with VaronisGDPR compliance with Varonis
GDPR compliance with Varonis
 
Marketing data management | The new way to think about your data
Marketing data management | The new way to think about your dataMarketing data management | The new way to think about your data
Marketing data management | The new way to think about your data
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud   brighttalk webinar ...Where data security and value of data meet in the cloud   brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
 

Similar to Top gdpr assessment tools

Mastering Data Compliance in a Dynamic Business Landscape
Mastering Data Compliance in a Dynamic Business LandscapeMastering Data Compliance in a Dynamic Business Landscape
Mastering Data Compliance in a Dynamic Business Landscape
Denodo
 

Similar to Top gdpr assessment tools (20)

GDPR
GDPRGDPR
GDPR
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
GDPR Compliance
GDPR ComplianceGDPR Compliance
GDPR Compliance
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
 
How Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR complianceHow Cloudera SDX can aid GDPR compliance
How Cloudera SDX can aid GDPR compliance
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
DevOps vs GDPR: How to Comply and Stay Agile
DevOps vs GDPR: How to Comply and Stay AgileDevOps vs GDPR: How to Comply and Stay Agile
DevOps vs GDPR: How to Comply and Stay Agile
 
Frukostseminarium om molntjänster
Frukostseminarium om molntjänsterFrukostseminarium om molntjänster
Frukostseminarium om molntjänster
 
SAP insider GDPR compendium Hernan Huwyler
SAP insider GDPR compendium Hernan HuwylerSAP insider GDPR compendium Hernan Huwyler
SAP insider GDPR compendium Hernan Huwyler
 
Unified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge GraphUnified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge Graph
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPR
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod
 
What is GDPR Data Flow Mapping
What is GDPR Data Flow MappingWhat is GDPR Data Flow Mapping
What is GDPR Data Flow Mapping
 
GDPR- The Buck Stops Here
GDPR-  The Buck Stops HereGDPR-  The Buck Stops Here
GDPR- The Buck Stops Here
 
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) planCWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
 
Mastering Data Compliance in a Dynamic Business Landscape
Mastering Data Compliance in a Dynamic Business LandscapeMastering Data Compliance in a Dynamic Business Landscape
Mastering Data Compliance in a Dynamic Business Landscape
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
GDPR: the IBM journey to compliance
GDPR: the IBM journey to complianceGDPR: the IBM journey to compliance
GDPR: the IBM journey to compliance
 
Preparing for GDPR Compliance...
Preparing for GDPR Compliance...Preparing for GDPR Compliance...
Preparing for GDPR Compliance...
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
 

Recently uploaded

一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
e9733fc35af6
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
e9733fc35af6
 
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
trryfxkn
 
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
bd2c5966a56d
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
e9733fc35af6
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
JosephCanama
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
Fir La
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
F La
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
Airst S
 

Recently uploaded (20)

Reason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in IndiaReason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in India
 
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
一比一原版(AUT毕业证书)新西兰奥克兰理工大学毕业证如何办理
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
 
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
 
Hely-Hutchinson v. Brayhead Ltd .pdf
Hely-Hutchinson v. Brayhead Ltd         .pdfHely-Hutchinson v. Brayhead Ltd         .pdf
Hely-Hutchinson v. Brayhead Ltd .pdf
 
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
 
Elective Course on Forensic Science in Law
Elective Course on Forensic Science  in LawElective Course on Forensic Science  in Law
Elective Course on Forensic Science in Law
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentation
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
 
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
一比一原版(Monash毕业证书)澳洲莫纳什大学毕业证如何办理
 
Navigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptxNavigating Employment Law - Term Project.pptx
Navigating Employment Law - Term Project.pptx
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?
 
The Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in GreeceThe Main Procedures for a Divorce in Greece
The Main Procedures for a Divorce in Greece
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
 

Top gdpr assessment tools

  • 1. Top X GDPR Assessment Tools By: -Rajivarnan.R Cyber Security Analyst
  • 2. Whatis GDPR? The EuropeanParliamentadoptedthe GDPRin April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businessesto protect the personaldata and privacy of EU citizens for transactions that occur within EU member states.The GDPRalso regulates the exportation of personaldata outside the EU. The provisions are consistent across all28 EU member states, which means that companies have just one standardto meet within the EU. However, that standard is quite high and will require most companies to make a large investment to meet and to administer. Why does the GDPR exist? The short answer to that question is public concern over privacy. Europe in general has long had more stringent rules around how companies use the personal data of its citizens. The GDPR replaces the EU’s Data Protection Directive, which went into effect in 1995. This was well before the internet became the online business hub that it is today. Consequently, the directive is outdated and does not address many ways in which data is stored, collected and transferred today. How real is the public concern over privacy? It is significant, and it grows with every new high- profile data breach. According to the RSA Data Privacy & Security Report, for which RSA surveyed 7,500 consumers in France, Germany, Italy, the UK and the U.S., 80 percent of consumers said lost banking and financial data is a top concern. Lost security information (e.g.,
  • 3. passwords) and identity information (e.g., passports or driving license) was cited as a concern of 76 percent of the respondents. An alarming statistic for companies that deal with consumer data is the 62 percent of the respondents to the RSA report who say they would blame the company for their lost data in the event of a breach, not the hacker. The report’s authors concluded that, “As consumers become better informed, they expect more transparency and responsiveness from the stewards of their data.” Lack of trust in how companies treat their personal information has led some consumers to take their own countermeasures. According to the report, 41 percent of the respondents said they intentionally falsify data when signing up for services online. Security concerns, a wish to avoid unwanted marketing, or the risk of having their data resold were among their top concerns. The report also shows that consumers will not easily forgive a company once a breach exposing their personal data occurs. Seventy-two percent of US respondents said they would boycott a company that appeared to disregard the protection of their data. Fifty percent of all respondents said they would be more likely to shop at a company that could prove it takes data protection seriously. “As businesses continue their digital transformations, making greater use of digital assets, services, and big data, they must also be accountable for monitoring and protecting that data on a daily basis,” concluded the report. What types of privacy data does the GDPR protect?  Basic identity information such as name, address and ID numbers  Web data such as location, IP address, cookie data and RFID tags  Health and genetic data  Biometric data  Racial or ethnic data  Political opinions  Sexual orientation
  • 4. Which companies does the GDPR affect? Any company that stores or processes personalinformation about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:  A presence in an EU country.  No presence in the EU, but it processes personaldata of European residents.  More than 250 employees.  Fewer than 250 employees but its data-processingimpacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data. That effectively means almost all companies. Top tools to assess, implement, and maintainGDPR compliance GDPR Assessment Tools  Snow Software GDPR Risk Assessment It identifies more than 23,000 application versions that hold or transmit personal data. It also provides visibility of devices, users and applications, whether on premises, in the cloud or mobile. Passive scanning means agents do not have to be installed on endpoints. It can flag devices that do
  • 5. not have appropriate GDPR security controls so that the organization knows where its data is, who is using it and how it is protected.  The International Association of Privacy Professionals (IAPP) & TRUSTe GDPR Readiness Assessment tool This tool is available as a special single-user version of the TRUSTe Assessment Manager. Created for IAPP members, it contains more than 60 questions mapped to key GDPR requirements and produces a gap analysis with recommended steps for remediation. The assessment tool is cloud- based and does not require a software download; IAPP members can activate a free account. It integrates with a variety of existing applications and hosting environments, including Amazon Web Services and Alibaba Cloud.
  • 6.  The DB Networks DBN-6300 This is a security appliance using artificial intelligence and deep protocol analysis to give visibility into database infrastructure activities. It also non-intrusively discovers databases containing PII and connected applications, and automatically maps how the information is being processed. The DBN-6300 performs passive scanning on a network terminal access point rather than using active scanning, which can miss undocumented databases. It is available as a physical appliance or in an Open Virtualization Format (OVF) and supports database management systems including Oracle server, Microsoft SQL Server, and SAP Sybase ASE. The virtual machine supports VMware vSwitch, dvSwitch, and a software- defined network (SDN) platform configured to allow network tapping.
  • 7.
    - Opus Global’s Third-Party Compliance software as a service (SaaS) solution moves assessment into the supply chain by identifying third parties with whom their customers’ personal data is shared. Questionnaires about data security controls are automatically sent to third-party users. The tool analyzes responses to determine whether they comply with GDPR requirements and provides recommendations for remediation. This allows the organization to fully document who has access to covered data and how it is protected. This SaaS solution requires no hardware, software, or IT infrastructure.
  • 8.
    - Microsoft GDPR benchmark assessment tool
      The Microsoft GDPR Detailed Assessment tool consists of an Excel workbook, a Power BI output file, and a PowerPoint template for customer discussions. The Excel file is made up of yes/no questions, grouped by theme and sub-scenario. The four themes are Discover, Manage, Protect, and Report (DMPR), and the sub-scenarios are more granular activities within those themes. The backend mechanics for how recommendations are generated are hidden by default and can be accessed by unhiding the hidden tabs. Use caution if making any changes to the hidden tabs, as this could break key analysis formulas, as well as the outputs in Power BI. The Power BI output file is linked to the Excel file and provides high-level visualizations of the end-customers’ maturity overall and within each theme. It also generates recommendations to help customers improve their GDPR maturity within each theme. Additionally, the GDPR Detailed Assessment tool provides integration with Microsoft Compliance Manager, enabling partners to work with their customers on assessing the GDPR compliance posture for the customers’ assets in the Microsoft cloud, such as Office 365.
  • 9.
    - Microsoft GDPR readiness assessment tool
      The Discovery capabilities in Cloud App Security, Microsoft’s CASB solution, can now help you determine whether your cloud apps and services comply with GDPR requirements, so you can take corrective action if necessary. Sourcing from a catalog of more than 16,000 apps, Cloud App Discovery enables you to identify which cloud apps and services are being used in your organization. Before today, the service leveraged 60 different parameters, including regulatory certifications, industry standards, and best practices, to assign a risk score to each one of those apps. We have added 13 new components to the risk assessment, directly aligned to GDPR requirements, to provide you with a more comprehensive GDPR readiness overview for your organization. In cases where a cloud provider is listed as not GDPR ready, you will also be able to see which GDPR controls have not been implemented by the cloud service provider.
  • 10. GDPR Implementation Tools
    - Secureprivacy.ai is an automated consent management solution to make websites compliant with GDPR requirements for obtaining informed consent from users for collection and use of data. It also allows them to opt out. Once installed, the Secureprivacy.ai script provides granular page-by-page notifications for the appropriate opt-in and opt-out requirements. Screenshots are saved to document user consent and are available through a dashboard. The solution is formatted for both desktop and mobile devices and includes a plugin for users of WordPress. Documentation includes the user IP address and location and can be easily exported for business and regulatory uses.
  • 11.
    - Datum Information Value Management for GDPR is a special edition of its information governance software that is preconfigured with GDPR base processes, rules, standards, templates, and frameworks. It aligns an organization’s data with regulatory requirements, identifying the data that is covered under the EU privacy rules and the capabilities and controls that are required. The tool discovers the data and how it is used and maps it to the organization’s governance process. This allows data to be used and shared with stakeholders across the organization within the requirements of the privacy regulations, and documents compliance for regulators.
  • 12.
    - SAS for Personal Data Protection creates a unified environment with a single user interface for accessing and managing data. It allows organizations to access, identify, govern, protect, and audit personal data so that they can comply with GDPR requirements that personal data must not only be protected, but must be removed upon request. This combination of SAS software and services allows organizations to blend data types from multiple sources such as Oracle, Apache, and Hadoop, identifying personal data in structured and unstructured sources. Its data governance features enforce policies and protect data through role-based masking and encryption that secures sensitive information while at rest and in use.
    - Neupart Secure GDPR
  • 13. Neupart is based on the company’s Secure ISMS security management system. Added features designed for companies to implement and maintain GDPR processes include templates, data protection and impact assessment tools, data breach notification capability, and gap analysis to track your current compliance status. It also provides a data protection officer (DPO) dashboard so DPOs have a single view of key compliance areas.
    - Neo4j
      Neo4j is a graph solution that provides visibility into the organization’s data and the connections between and among data. Personal data can reside in many applications at many locations across the enterprise and in the cloud, and must be protected and managed in all locations. Organizations must be able to track data through its lifecycle, from its acquisition through use to removal. To track and control the data, connections among multiple systems and data silos must be understood. The Neo4j native graph database provides this visibility, together with analytics and data integration. It is available either as a download or an online tool.
  • 14.
    - Aircloak Insights allows organizations to make use of protected data by anonymizing it for analysis so that the results can be shared without restrictions under GDPR. The solution consists of two pieces of software (the Air web frontend and the Cloak anonymization engine) running on two Docker containers for virtualization on Windows and Linux. It works with most popular databases, including a large set of SQL databases.
    GDPR Maintenance Tools
    - BigID BigOps
  • 15. A scanning tool that uses machine learning to continuously track changes in PII across the production and development environments in the data center or cloud. Machine learning allows the software to understand known personal data and its contexts, and then discover and catalog all personal data across the data stores. It integrates with automation frameworks such as Jenkins to monitor changes to the data across the development lifecycle, helping to ensure that it remains in compliance with GDPR requirements. It also helps with requirements for data breach response by allowing an organization to compare its data with that in a purloined data dump to determine within minutes if there has been a breach.
    - OneTrust privacy management software platform
      Automates tasks to enable continued compliance with GDPR requirements for website cookies and maintenance of subject request portals. OneTrust conducts ongoing scans of an organization’s web pages to identify and categorize cookies and provides a transparent mechanism for obtaining required cookie consents. The cookie compliance solution includes continuous scanning against a database of 5.5 million cookies. Organizations also can use OneTrust to create a portal and branded web
  • 16. form to deal with user requests for managing PII under GDPR. It can track and document user requests and the organization’s response.
    - FileCloud
      FileCloud is known as an enterprise file sharing and syncing platform. It now offers features to ease tasks associated with some GDPR requirements. Privacy settings make it easier to ask users for consent while accessing content from the cloud. Administrator tools allow for the deletion or anonymization of PII for right-to-be-forgotten requests, or to reply to requests for PII that a company has on an individual. FileCloud also addresses the data portability requirement with the ability to export in standard formats.
  • 17.
    - Loom Systems Sophie for GDPR, which Loom describes as an algorithmic IT operations (AIOps) tool, uses artificial intelligence (AI) to “analyze logs and unstructured machine data for immediate visibility into the IT environments.” The product has a “Find my PII” feature that automates the collection of sensitive logs. This makes it easier to comply with GDPR’s right to be forgotten mandate, as it allows you to quickly locate and delete personal data when a request to remove is received.
    End