How ManageEngine helps you meet GDPR compliance requirements
Requirement/Article | Requirement | Product | Capability/Feature | Rules | Summary reports | Description |
---|---|---|---|---|---|---|
Article 5 - 1(b) | "Personal data shall be: Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)..." | Log360 | Log360: Real time alert capability, Database auditing, File integrity monitoring | All file/folder changes: Created File/Folder, Deleted File/Folder, Modified File/Folder, Permission Changes, Overwrite. File analysis reports: Old files, Stale files, Unmodified files. Database change auditing reports (MS SQL or Oracle databases): Database table deleted, Database table modified (DDL query execution), Unauthorized login failures, Permission changes for files or folders, Database account creation, Database schema changes |
With the help of Log360's real-time alerting capability, organizations are alerted when any anomalous activity takes place. Log360 simplifies database auditing by automatically collecting and monitoring logs from different database servers. Apart from collecting logs, it analyzes and correlates this data to provide insightful reports on database activity across all these platforms. This allows you to investigate potential issues and ensure the security of your databases. | |
Article 5 - 1(d) | "Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)..." | Log360 | Log360: Database auditing | Database table deleted, Database table modified (DDL query execution), Unauthorized login failures, Permission changes for files or folders, Database account creation, Database schema changes |
Log360 provides database activity monitoring for Microsoft SQL, MySQL, Oracle and IBM DB2 applications. The solution helps you gain instant alerts and ready-made reports of database activity to prove compliance with stringent IT regulatory mandates. | |
Article 5 - 1(f) | "Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)." | Log360, DataSecurity Plus | Log360: Predefined alert profiles and real-time alert notifications, audit reports on DML and DDL operations. File integrity monitoring to detect file changes. | Multiple file permission changes, Excessive file removal, Suspicious file access, Possible ransomware activities |
File access, File modified, File deletion, Database table deleted, Modified (DDL query execution), Unauthorized login failures, Permission changes for file or folder, Database account creation, Database schema change |
Log360 comes with pre-configured alerts for suspicious activities potentially indicating unauthorized access attempts, data breaches, or other security incidents. It continuously monitors and audits DML and DDL activities in SQL and Oracle databases, alerting security personnel to any changes, and it tracks changes to database server accounts. DataSecurity Plus helps maintain data integrity by auditing file and folder actions, including create, rename, delete, copy, and more, in real time. |
Article 25 - 2 | "The controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons." | ADManager Plus | ADManager Plus: Workflows, Notification rules, Assignment rules | ADManager Plus reports: Workflow in ADManager Plus, Notification rules, Assignment rules. ADManager Plus also helps to keep track of permission records: Users in groups, Groups for users, Shares in the servers, Permissions for folders, Folders accessible by accounts, Servers accessible by accounts, Server permissions |
ADManager Plus simplifies Active Directory management tasks by utilizing workflows. These workflows define a sequence of steps for handling user, group, computer, contact, and permission management requests. Additionally, ADManager Plus enables you to send detailed request information to technicians and other stakeholders via email and SMS. | |
Article 30 - 1 | "Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility." | ADManager Plus | Get a complete audit trail of all the activities related to personal data. ADManager Plus reports: Workflow history, Help desk technician audit |
Shares in the Servers, Permissions for Folders, Folders accessible by Accounts, Server Permissions, Subnet Permissions, Servers accessible by Accounts, Subnets accessible by Accounts, AD Objects accessible by Accounts, Inactive Users, Users Never Logged On, Logon Hour Based Report, Account Never Expires Users, Users with Password Never Expires, Group Members, Groups for Users, Admin Audit Report, Audit Report |
ADManager Plus provides comprehensive audit capabilities through detailed reports and functionalities that enable administrators to track and document access to personal data stored in Active Directory. Users can view and manage group memberships, audit shared folder permissions, and monitor access rights across specified locations. The platform enables oversight of workflow requests and management actions, ensuring transparency in data processing activities. | |
Article 32 - 1 | "Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk." | ADSelfService Plus, RecoveryManager Plus | ADSelfService Plus: Strong password policy and MFA settings. RecoveryManager Plus: Backup and recovery. | ADSelfService Plus offers strong password policy and MFA settings that can help your organization comply with the GDPR. ADSelfService Plus provides adaptive MFA with 20 different authentication factors to secure organizational resources, such as machines, applications, VPNs, OWA, and RDPs. RecoveryManager Plus is a backup solution providing you with the ability to easily back up and restore your data. | ||
Article 32 - 1(b) | "The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;" | Log360 | Log360: Database auditing | Database table deleted, Database table modified (DDL query execution), Unauthorized login failures, Permission changes for files or folders, Database account creation, Database schema changes |
Regularly audit the systems (or servers) that store and applications (databases) that process personal data. Get notified in real-time with Log360, upon any unauthorized access attempts, permission changes, privilege escalations, or unexpected shutdowns of servers and applications that could result in potential threats affecting their confidentiality or integrity. | |
Article 32 - 1(d) | "a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing." | Log360 | Log360: Log collection | Network Device Configuration Reports, Network Device Attack Reports, Network Device Security Reports, Network Device Logon Reports, Printer Auditing Reports, File Changes | Log360 collects data from devices like firewalls, vulnerability scanners, file servers, databases, Linux/Unix machines, IBM AS400 systems, and more. | |
Article 32 - 2 | "In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed." | Log360, Exchange Reporter Plus | Log360: Database auditing, File integrity monitoring. Exchange Reporter Plus: Data transmission audit via email |
Database table deleted, Database table modified (DDL query execution), Unauthorized login failures, Permission changes for files or folders, Database account creation, Database schema changes. Exchange Reporter Plus compliance reports: Messages by Subject, Mails Sent by Shared Mailbox, Mails Received by Shared Mailbox, Mailbox Permission Changes, User Mailbox Security, Mailbox Created, Mailbox Deleted. Mailbox Content Reports: Folder Message Count And Size, Folder-wise Unread Mails with Subject, Messages by Subject Keyword, Messages by Body Keyword, Attachments by File Name Keyword, Attachments by File Extension Keyword, Attachments by File Size, Message Count and Size Summary, Folder-wise Read Mails with Subject |
Exchange Reporter Plus helps you comply with the GDPR by: locating messages based on keywords in their content; filtering messages based on attachments' name, type, and extension; auditing changes to mailbox permissions; viewing emails deleted or moved across folders in your organization; identifying non-owner mailbox logons; and providing real-time alerts about critical changes to your Exchange environment. | |
Article 32 - 4 | "The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law." | ADManager Plus | ADManager Plus: Folders accessible by accounts, Help desk technician audit, Admin audit | Users in groups, Groups for users, Shares in the servers, Permissions for folders, Folders accessible by accounts, Servers accessible by accounts, Server permissions, Folders accessible by accounts, Help desk technician audit, Admin audit |
ADManager Plus helps to keep track of permission records. It generates alerts if any person who does not have explicit permission attempts to access the data. | |
Article 33 - 1 | "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay." | Log360, ADAudit Plus | Log360: Correlation rules, UEBA. ADAudit Plus: User's Last Logon reports | Correlation rules: SQL injection, Ransomware attacks, Cross-site scripting, Denial of Service, Distributed Denial of Service. | ADAudit Plus predefined alert profiles to detect backdoor account creation: Modified admin groups, Members added to privileged groups, New user creation, Domain policy changes, GPO changes. Monitors critical security events to detect potential threats: Users logged into multiple computers, Administrator logon activity. ADAudit Plus GDPR compliance reports: User's Last Logon, Member Server Logon Activity, Files Modified, User Attribute New and Old Value, Folder Permission Changes, File Read Access, Failed attempt to Read File |
Log360's correlation engine helps to detect data breaches. It is capable of detecting data leakage from many well-known attacks. Log360's UEBA detects anomalous activities of users and entities. This helps identify and mitigate insider threats, account compromise and data exfiltration attempts at an early stage. ADAudit Plus helps you detect brute-force attacks with its extensive user logon auditing capability. It provides insights into: logon failures due to a bad password or username; logon activity based on domain controller and IP address; and account lockouts, including when the user got locked out, from which device, and their logon history. ADAudit Plus can also promptly detect backdoor account creation with its real-time alerts module. |
Article 33 - 5 | "The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article." | Log360 | Log360: Forensic analysis, Incident workbench | Log360's log search engine helps to perform forensic analysis. The forensic analysis provides information such as: who was responsible for the breach, when the breach occurred, which systems were affected by the breach, and what data was transmitted, exposed, deleted or tampered with. By enabling faster investigation and efficient evidence collection, the incident workbench helps you meet the timeframes and information requirements for notifying authorities and data subjects about personal data breaches. |