When the EU General Data Protection Regulation (GDPR) entered into effect a year ago in May 2018, it triggered an unprecedented and much-needed focus on data privacy, not only within the European Union but around the globe, where providers of digital services delivered to consumers within the EU have been compelled to comply with GDPR. The activation of GDPR has been a tremendous driver in privacy protection everywhere, from the tiniest web shop business to the largest multinational tech giants.
In the first year of GDPR, 280,000+ cases were received by data protection authorities, according to the International Association of Privacy Professionals. 144,000 individual complaints have been filed, more than 89,000 data breach notifications have been dispatched, and fines amounting to EUR 56 million have been handed out. This is likely only the “tip of the iceberg” and a precursor of what is still to come, as data protection authorities get up to speed and consumers become increasingly aware of their right to data privacy.
Despite the recent fame of GDPR, compliance with data privacy and security regulations and other legislation has been a hot issue for more than a decade, whether it’s payment card information (PCI-DSS standard established in 2004), financial accountability (Sarbanes-Oxley Act passed in 2002), safeguarding personal health information (HIPAA established in 1996) or any other of the numerous governmental and organizational standards in existence.
Safeguarding information and ensuring accountability and the right to personal data is a much broader issue than just GDPR and compliance with whatever standards apply to your business. Why? Because in an increasingly complex digital environment, sensitive data is not confined to a single application, a single database, a single server, or even a single network. Sensitive data exists everywhere in your IT infrastructure, and compliance requires your organization to be able to monitor all data.
This is where Security Information and Event Management (SIEM) comes into play: A SIEM solution like LogPoint enables you to monitor all of your information in real time. To observe who accesses it, when and where. To observe when data is changed or transferred. LogPoint enables you to take immediate action when a compliance threshold is passed, or when a combination of indicators of unauthorized access or usage is registered in your system.
But most importantly, LogPoint enables you to ensure compliance across information “silos” in your infrastructure, supporting the complex digital environment. Rather than looking deep into individual pools of data from single sources, you look at data from across your entire IT infrastructure. LogPoint automatically ingests data from any and all sources in your network, combining log data in a common language, and enabling advanced analytics and correlation of data across sources.
To demonstrate how the LogPoint SIEM solution is used to ensure compliance in your organization, we have put together a number of Use Cases that are cornerstone compliance indicators, including monitoring of critical systems, file integrity monitoring, spotting and tracking unauthorized network or systems access, and monitoring international data transfers. Specifically for GDPR compliance, we have put together a comprehensive range of GDPR reports that work out of the box to ensure confidentiality, integrity, and availability of systems relating to Personally Identifiable Information.
The LogPoint SIEM solution provides a holistic approach to compliance, providing real-time monitoring across your entire IT infrastructure, preserving your log data for investigation purposes, and enabling you to document compliance – not only with GDPR, but also PCI-DSS, Sarbanes-Oxley, HIPAA and other standards.