Help! I Need a Silver Bullet for GDPR Compliance!
Does Metalogix sell a GDPR silver bullet? Well, the bad news is…we don’t sell a GDPR quick fix. But in reality, that doesn’t exist!
But what if we have a way to help you build your company’s information security resilience… and help comply with GDPR regulations? Sounds good, right?
What the Heck is Information Security Resilience?
Security is complex, and it’s frequently not a “one-size-fits-all” solution.
For example, think about your home. You secure your home and the valuables inside using a variety of different tools—building your resilience against threats. You lock your doors and windows, adopt a dog that barks loudly, and leave a light on inside when you are not home.
Maybe you take it further by installing an alarm system, a motion activated light over your garage, and sensors on the windows to detect when they are opened. You might even hide your valuables somewhere safe inside the house and put a bat by your bedside.
Regardless of whether you are using all of these measures or none of them, you have developed a security plan that balances the level of risk with your level of comfort, leveraged technology and manual processes where necessary, and provided a multi-layered resilience to external threats.
Protecting your company’s informational assets and your customers’ personal data should follow the same path. First, evaluate the level of protection you need and then implement a multi-layered approach that builds your resilience against risk, exposure, and threat.
Put the right processes in place and use technology to help support them. (A.K.A. lock the doors and windows every night, and turn on the alarm to make sure no one breaks that barrier without you being alerted.)
Where Do Regulations Come Into Play?
Regulations should help ensure you are making the right decisions when putting security measures into place. However, this is where things can get tricky, because a regulation may not be easy to comply with, or may not fall in line with what your organization deems prudent security measures. But regulations are a fact of life. And who wants to hand over hard-earned revenue to pay hefty fines, anyway?
So, with the GDPR implementation date (May 25, 2018) quickly approaching, you are probably building up your information security resilience to protect and manage your informational assets with a focus on how to adequately comply with GDPR. It’s complex and one size will not fit all. Now you understand why Metalogix does not offer a “GDPR product.”
The Closest Thing to a “GDPR Product”
What we do have is a set of products that can help you tackle some of the hardest challenges when developing your information security resilience plan and GDPR compliance.
Leveraging Sensitive Content Manager and ControlPoint, you can identify where your personal data is located in SharePoint, protect it from data loss or breaches, and manage it to support your business processes effectively while complying with GDPR.
Here's how it works in three easy steps:
Find. For any information governance plan to work, it is crucial to know what information you have and where it is located. GDPR adds a layer of complexity because you need to also track the personal data you store and where you store it.
With Sensitive Content Manager, you can scan and detect personal data across your SharePoint environments in minutes—based on search criteria that you define.
Manage. After your data is located and classified as personal or non-personal, ControlPoint helps you apply your policy to it. These rules provide guardrails for normal and compliant use of your information, helping you to identify when abnormal behavior (like excessive file downloads or requests to view pages not typically accessed) occurs to help protect your data and identify potential “breach” activities.
This helps you address the GDPR requirements to take measures to protect personal data from damage, loss, or breach, and to report any breach within 72 hours, by enabling you to set and enforce your defined governance policies and detect anomalous behavior.
Protect. Now that you know where the data resides, you can enforce your defined governance policies and monitor user behaviors. However, GDPR places greater accountability on organizations to prove that personal data is handled in a responsible manner. Establishing policies and transparency into user access (who has permission to view certain files or documents, how often personal data is being accessed, and when abnormalities come up) ensures that you can keep a close watch on your personal data, thereby helping you identify any breaches, quarantine information to prevent a breach from even occurring, and provide an auditable trail of access points.
With ControlPoint you can produce highly granular audit reports, enabling you to comply with GDPR and any audit exercises, whether internal or external.
So getting back to my first question... Does Metalogix have a “GDPR silver bullet?”
I guess this was a long-winded way to say no, but a GDPR quick fix doesn’t exist. What we do have is a team of experts and a solution that can help you build your company’s resilience against threats and comply with some of the harder aspects of GDPR.
Interested in Learning More?
For more information, check out https://www.metalogix.com/gdpr.
Marisa is the Director of Product Marketing at Metalogix.