GDPR Compliance Solutions
The General Data Protection Regulation (GDPR) is a new European Union regulation adopted by the European Parliament and the Council of the European Union in April 2016; it came into force on 25 May 2018.
The GDPR focuses on protection of data privacy and is set to replace the old European data protection regulation (Data Protection Directive 95/46/EC) from 1995. The main goal of the GDPR is to give individuals (data subjects) better control over their personal data and to unify rules regarding the handling of personal data across all EU member states in order to simplify compliance with data protection standards and all related legal procedures.
The GDPR introduces extensive changes to the existing rules regarding privacy and data protection within the EU:
- Widened scope of regulations. The GDPR applies to data processors (companies that gather and process private user data) and controllers (companies that use private user data) based in the EU, as well as to those outside the EU if they offer goods and services to EU citizens. GDPR compliance is required regardless of whether data processing takes place within the EU. GDPR experts estimate that as many as 90% of companies subject to the regulation are currently not prepared to comply with it.
- Increased penalties for non-compliance. The GDPR uses a tiered approach to penalties, with the severity of a penalty being dependent on the severity of the violation. The maximum penalty for failure to comply with the GDPR is up to 4% of annual global turnover or up to €20 million, whichever is greater.
- Expanded rights of data subjects. Under the GDPR, data subjects have the right to be informed that their personal data is being gathered, the right to access their personal data, the right to request rectification of incorrect data, the right for data to be erased, the right to restrict possession of their data, and the right to transfer their data to other services.
- Higher data security standards. As per GDPR requirements, companies need to implement all necessary measures to protect personal data based on thorough risk assessment, including encryption, access control, monitoring of processing activities, etc.
- Requirement to appoint data protection officers. Under the GDPR, companies processing large quantities of personal data are required to appoint a data protection officer who will monitor compliance and process requests from data subjects regarding their personal data.
- One-stop-shop principle. The GDPR unifies the handling of all matters regarding personal data across the EU, making it possible for data subjects to file complaints in their country of residence even if their data was processed by a company based in another EU country.
Ekran System is an insider threat protection solution focused on monitoring user activity. By providing a complete tamper-proof audit trail of everything that happens within each user session, Ekran System allows customers to quickly detect and mitigate insider threats and helps them comply with a variety of data protection regulations, including the GDPR.
Here are four ways in which Ekran System can help you implement the GDPR requirements:
1. Ekran System helps you demonstrate compliance
One of the major requirements of the GDPR is for companies to be able to clearly demonstrate compliance with the law to the regulatory body (GDPR Articles 5 and 24). This involves proving that all data is processed in a legal way with all possible security measures applied.
Ekran System records full video of everything that happens within user sessions, coupled with detailed metadata. All recordings are easily searchable and present a complete tamper-proof audit trail of user activity.
This audit trail serves as clear evidence of compliance with GDPR regulations, as it demonstrates how data was processed and by whom. The Ekran System audit trail can be presented to a regulator in addition to written records of data processing activity to serve as definitive proof that a company has complied with GDPR requirements.
2. Ekran System helps you maintain records of processing activities
Under the GDPR, it’s important to maintain records of all activities related to data processing and clearly know how and by whom sensitive data is processed (GDPR Articles 24 and 39).
The extensive monitoring capabilities of Ekran System allow you to easily gather any information you may need about data processing. Additional authentication options allow you to clearly match each recorded session with an individual user even for shared accounts, while the monitoring agent with special low-level protection is able to record all activity regardless of the software used.
Ekran System’s wide range of recording filters allows you to choose which applications and at which times you want to record, making sure you capture only the necessary information.
The full audit trail produced by Ekran System can be used alongside written records to prove that your company processes all personal data within GDPR regulations as well as to quickly detect and mitigate any incidents that may take place.
3. Ekran System helps strengthen your data protection
One of the key aspects of the GDPR is strengthening the protection of personal data possessed and processed by companies. Thus, controllers and processors are required to implement all technical and procedural measures necessary to protect personal data in their possession in accordance with the risks said data faces (GDPR Articles 32 and 35).
Ekran System not only proves compliance and provides a reliable audit trail but also serves as a cyber security tool that protects your data. With its robust monitoring capabilities, Ekran System deters inside attackers and allows you to quickly detect suspicious incidents as they happen. Security personnel can then watch suspicious sessions live and block them if data misuse is taking place.
Ekran System also provides additional access control functionality, including two-factor authentication, which protects data from unauthorized access by both inside and outside actors.
4. Ekran System is a great detection and investigation tool
One of the key elements of increased protection of user data is quick disclosure of any incidents. GDPR Article 33 states that all incidents that can pose a risk to data subjects (such as potential fraud or identity theft as a result of data loss) should be disclosed both to data subjects themselves and to appropriate authorities within 72 hours from the moment they are detected. Disclosed information should include all details regarding the case as well as protective measures that were taken by the company to prevent such an incident.
Ekran System features robust alerting functionality that allows you to quickly detect any potential incidents. It comes with a set of pre-defined alerts that cover the most common cases of insider attacks and also lets you create custom alerts tailored to the needs of your company. Once an incident has been detected, you can either watch the session live if it’s ongoing (and block it if suspicious activity is taking place) or watch a recording of the incident to determine exactly what happened in full detail.
Ekran System also provides the ability to export data in a tamper-proof forensic format, which allows you to present data to a regulatory body or even a court as evidence. With Ekran System, you’ll be able to detect incidents, investigate them quickly, and report all results before the 72-hour deadline imposed by the GDPR.
As with any cyber security solution, GDPR compliance software can be quite expensive. However, Ekran System was designed with enterprise in mind and offers a licensing model that makes deployment easily scalable.
If you need a powerful GDPR compliance solution, look no further than Ekran System. With comprehensive insider threat protection functionality, reliable detection tools, and great potential for incident investigation, employing Ekran System is a great way to prepare for GDPR.