Post on 08-Oct-2020


Page 1: Address GDPR Requirements · 2017. 3. 30. · Russell McDermott Sales Engineer Russell.Mcdermott@netwrix.com +44 (0) 203 588 3023 x 2208 Address GDPR Requirements with Netwrix Auditor


Page 2

How to Ask Questions

Type your question here

Click “Send”

Page 3

Agenda

What the GDPR is

The key GDPR principles

The GDPR requirements we can assist you with

How to address the GDPR provisions with Netwrix Auditor

Q&A

Useful Resources

Prize Drawing

Page 4

Why You Should Start Now

The GDPR impacts all organisations processing data of the EU citizens

Fines for non-compliance are tremendous

The GDPR imposes tighter limits on the use of personal data

Page 5

The GDPR Content

The (GDPR) is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

• ~200 pages, 99 articles

• Organisational and technical requirements

http://www.eugdpr.org

TIME UNTIL GDPR ENFORCEMENT: 421 DAYS

Page 6

Necessary Vocabulary

• Data Controller

• Data Processor

• Personal Data

• …

eugdpr.org/glossary-of-terms.html

Page 7

Key Data Protection Principles

1. Data Security

2. Data Accountability

3. Timely Response

4. Audit Trail

Page 8

Address GDPR Requirements

Page 9

Article 5. Processing of Personal Data, §1

Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

How to achieve?

Control over access rights assignment

Review user access to sensitive content and data

Subscribe to the following reports: Files and Folders Deleted, Data Deletions, Files and Folders Moved, Files and Folders Renamed, and Files Copied

Page 10

Article 5. Processing of Personal Data, §2

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).

How to achieve?

Demonstrate your data protection controls using a complete audit trail

Easily access archived audit data for investigations

Page 11

Article 24. Responsibility of the Controller, §1

The controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.

How to achieve?

Track systems configuration changes

Track data access that posed threats to personal data

Use reports to prove that all controls are in place

Page 12

Article 25. Data Protection by Design, §1

The controller shall implement appropriate technical and organisational measures at the time of the determination of the processing means and at the time of the processing itself.

How to achieve?

Identify and evaluate the effectiveness of existing controls

Make necessary changes to improve it

Review IT changes and access events across critical IT systems

Monitor installations and removals of software apps, hardware devices

Use interactive search to quickly find information that you need

Page 13

Article 25. Data Protection by Design, §2

The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data, which are necessary for each specific purpose of the processing, are processed. In particular, such measures shall ensure that by default personal data are not made accessible to an indefinite number of natural persons.

How to achieve?

Be sure that only authorised users have access to personal data

Check the reports showing permission states, group membership states

Review reports that show enabled, disabled, expired and locked user accounts

Page 14

Article 32. Security of Processing, §1

The controller and the processor shall implement measures to ensure a level of security appropriate to the risk, including the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data.

How to achieve?

Use overview dashboards to see what’s happening in IT infrastructure

Revert unauthorised or accidental Active Directory changes

Page 15

Article 32. Security of Processing, §4

The controller and processor shall take steps to ensure that any person who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.

How to achieve?

Stay aware of any employees' activity outside business hours

Review the Access to Archive Data report

Use the video recording capability

Page 16

Article 33. Notification of a Data Breach, §1

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.

How to achieve?

Respond quickly to threat patterns using alerts

Assign a group of people to monitor critical IT systems

Page 17

Netwrix Auditor Platform

Netwrix Auditor

A visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.

Page 18

Netwrix Auditor Benefits

Detect Data Security Threats – On Premises and in the Cloud

Bridges the visibility gap by delivering security analytics about critical changes, state of configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior.

Pass Compliance Audits with Less Effort and Expense

Provides the evidence required to prove that your organization’s IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST800-53, COBIT, ISO/IEC 27001 and other standards.

Increase the Productivity of Security and Operations Teams

Relieves IT departments of manual crawling through weeks of log data to get the information about who changed what, when and where and who has access to what.

Page 19

Netwrix Auditor Applications

Active Directory

Exchange

Office 365

Windows File Servers

EMC

NetApp

Windows Server

VMware

SQL Server

SharePoint

Azure AD

Oracle Database

Page 20

Netwrix Customers

Financial

State, Local Government/Education

Technology/Internet/Retail/Food/Other

Heavy Industry/Engineering/Manufacturing/Transportation

Page 21

About Netwrix Corporation

Year of foundation: 2006

Headquarters location: Irvine, California

Global customer base: over 7000

Recognition: Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others

Page 22

Awards

All awards: www.netwrix.com/awards

Page 23

Next Steps

Read more about the GDPR: netwrix.com/GDPR_Compliance.html

Watch intro webinar about the GDPR: get.netwrix.com/webinar-what-the-gdpr-is/

Download GDPR mapping: get.netwrix.com/gdpr-compliance/

Free Trial: set up in your own test environment:

On-premises: netwrix.com/freetrial

Virtual: netwrix.com/go/appliance

Cloud: netwrix.com/go/cloud

Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive

Live Demo: product tour with Netwrix expert: netwrix.com/livedemo

Contact Sales to obtain more information: netwrix.com/contactsales

Webinars: join our upcoming webinars and watch the recorded sessions: netwrix.com/webinars

Page 24

Thank You!