When preparing for compliance, organisations must interpret audit requirements and controls, and then face the considerable task of managing and analysing very large volumes of log data. The consequences of non-compliance can be significant. Matraxis has partnered with LogPoint to address these issues with a practical and cost-effective solution.
What is GDPR?
GDPR applies from 25 May 2018, replacing the current Data Protection Act. Although it is an EU regulation, the UK government has confirmed that the decision to leave the EU will not affect its application, either before or after the UK leaves the EU.
The GDPR significantly expands the accountability of data controllers and processors. Importantly, the GDPR requires organisations to be able to demonstrate that they are following its principles, not merely to state that they do.
LogPoint Security Information and Event Management (SIEM) enables you to collect, analyse and report on log data from across your networks, which is necessary for any organisation that has to demonstrate adherence to GDPR requirements.
What are the consequences for businesses and organisations?
GDPR legislation consists of a complex suite of requirements, and companies will be required by law to report personal data breaches to the supervisory authority and, in some cases, to the individuals concerned. Failing to comply could mean fines of up to 20 million Euro or 4 percent of global annual turnover, whichever is greater.
How can Matraxis and LogPoint help make your organisation achieve GDPR compliance?
A Comprehensive Security Information and Event Management solution.
A professionally implemented LogPoint SIEM can assist your organisation in complying with this new regulation. Using the SIEM you will be able to monitor access to systems where personally identifiable information is stored, monitor the security state of those systems, and receive alerts when they are accessed. A thoroughly implemented SIEM installation ensures that the necessary logs exist and are stored and protected against tampering, while the processes around the SIEM ensure that alerts, incidents and reports are handled in due time.
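The monitoring described above comes down to two things a SIEM rule set has to do: raise an alert when a system holding personal data is accessed in a way that is not expected, and keep the retained logs in a form where tampering can be detected. The following is an added illustration written for this page, not LogPoint's rule language or any LogPoint code. It assumes a hypothetical asset inventory (hosts tagged as holding personal data, with the accounts approved to use them) and runs three simple rules over constructed, syslog-style SSH login lines; it also chains the retained lines with SHA-256 so that a later edit to any line is detectable.

```python
"""Added example (not LogPoint code): SIEM-style access rules for systems that
hold personal data, plus a SHA-256 hash chain for verifying retained logs."""
import hashlib
import re
from datetime import datetime, time

# Constructed (hypothetical) asset inventory: hosts tagged as holding personal
# data, mapped to the accounts approved to log in to them.
PII_HOSTS = {"hr-db01": {"svc_hr", "dba_jane"}, "crm-app02": {"svc_crm"}}
BUSINESS_HOURS = (time(7, 0), time(19, 0))  # assumed working window (UTC)

# Constructed log lines in a generic syslog-like format (not LogPoint's format).
SAMPLE_LOGS = """\
2018-05-25T08:15:02Z hr-db01 sshd[1201]: Accepted publickey for dba_jane from 10.0.5.20
2018-05-25T09:02:44Z web-fe01 sshd[3310]: Accepted password for deploy from 10.0.9.1
2018-05-25T13:40:10Z hr-db01 sshd[1288]: Accepted password for contractor7 from 10.0.7.33
2018-05-25T23:12:51Z crm-app02 sshd[4410]: Accepted publickey for svc_crm from 10.0.6.2
2018-05-25T10:05:00Z hr-db01 sshd[1302]: Failed password for root from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Parse one line into a dict, or return None for lines the rule does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def evaluate(event):
    """Return the names of the rules one event triggers (empty list if none)."""
    alerts = []
    host = event["host"]
    if host not in PII_HOSTS:
        return alerts  # rules are scoped to systems tagged as holding personal data
    if event["result"] == "Failed":
        alerts.append("pii_host_failed_login")
        return alerts
    if event["user"] not in PII_HOSTS[host]:
        alerts.append("pii_host_unapproved_account")
    start, end = BUSINESS_HOURS
    if not (start <= event["ts"].time() <= end):
        alerts.append("pii_host_out_of_hours_access")
    return alerts


def run_rules(raw_logs):
    """Run the rules over raw log text; return (alerts, parsed_events)."""
    alerts, events = [], []
    for line in raw_logs.splitlines():
        ev = parse(line)
        if ev is None:
            continue  # unparsed lines should be counted and reviewed, not silently dropped
        events.append(ev)
        for rule in evaluate(ev):
            alerts.append({"rule": rule, "host": ev["host"], "user": ev["user"],
                           "ts": ev["ts"].isoformat()})
    return alerts, events


def hash_chain(lines):
    """Chain each retained line to the digest of everything before it."""
    prev, digests = b"", []
    for line in lines:
        prev = hashlib.sha256(prev + line.encode()).digest()
        digests.append(prev.hex())
    return digests


def verify_chain(lines, digests):
    """True only if the retained lines still produce the recorded digest chain."""
    return hash_chain(lines) == digests


if __name__ == "__main__":
    found, _ = run_rules(SAMPLE_LOGS)
    for a in found:
        print(a)
    chain = hash_chain(SAMPLE_LOGS.splitlines())
    print("chain head:", chain[-1])
```

Over the constructed input the rules fire three times: an unapproved account on the HR database, an approved account on the CRM host outside the assumed business window, and a failed login as root on the HR database. The hash chain is the minimal form of the "stored and protected" requirement: store the digests somewhere the log host cannot write to, and any later edit to a retained line changes every digest from that point on.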
GDPR Key Points of Reference
Consent:
Individuals must give freely given, specific, informed and unambiguous consent to the processing of their data for specific purposes. Valid consent must cover both the data collected and the purposes for which it is used, and it may be withdrawn at any time. Organisations must be able to demonstrate that consent was given, and for 'sensitive' (special category) data that consent must be explicit.
Data Protection Officer (DPO):
Under the regulation all public authorities will be required to appoint a DPO. Private organisations must also appoint a DPO if their core activities consist of large-scale processing of sensitive data or large-scale, regular and systematic monitoring of individuals. Where a DPO is not required, businesses must still be able to document that they are in control of the security of personally identifiable information.
Breach Notification:
The data controller will be obliged to notify the relevant supervisory authority without "undue delay" and, where feasible, within 72 hours of becoming aware of a personal data breach. Where the breach is likely to result in a high risk to the individuals affected, those individuals also have to be notified without undue delay.
The Right to Erasure:
Individuals have the right to request the removal of their personally identifiable information on a number of grounds, such as the data no longer being required for the purpose for which it was collected, or the individual withdrawing their consent.
Data Portability:
The GDPR requires that individuals be able to transfer their data from one controller to another, and that the data be provided in a structured, commonly used and machine-readable format. This is intended to protect individuals from having their data held on closed platforms where they are subject to lock-in.
For more information on GDPR, and to receive a free copy of the Institute of Directors (IoD) Cyber Security Policy Report:
Call us +44 20 8133 8323