The General Data Protection Regulation (GDPR) is a compliance regulation that provides citizens of the European Union greater control over their data. Under this mandate, organizations should protect the personal data and privacy of EU citizens for transactions that occur within the EU. It was approved by the European Parliament in April 2016, and came into force on May 25, 2018.
Failure to meet the regulation's requirements will result in legal consequences and hefty penalties.
GDPR applies not only to all the organizations operating within the EU, but also organizations outside of the EU which offer goods or services to customers or businesses in the EU. This means almost all the major companies in the world need to be GDPR-compliant.
According to GDPR, the data-handlers can be classified into two types, processors and controllers. A controller is a "person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data", while the processor is a "person, public authority, agency or other body which processes personal data on behalf of the controller." For example, a supermarket chain decides to collect and process customer information to design marketing campaigns and improve sales. It outsources the task to a digital marketing agency that would process the information collected and carry out the marketing campaign on behalf of the supermarket. In this case, the supermarket chain is the data controller and the marketing agency is a data processor.
Any data that can be used to identify an individual is considered personal data under GDPR. This data can include but is not limited to name, address, photos, genetic data, biometric data, and IP address. Individuals whose information is collected by companies and can be distinctly identified with the collected personal data are termed data subjects.
GDPR makes it mandatory for organizations to report data breaches that involve the compromise of personal data such as names, dates of birth, bank details, health records, etc., to the relevant supervisory authority via a breach notification.
Once an organization identifies a breach, it must report it to the relevant data protection authority within 72 hours. Additionally, if the breach is likely to have serious consequences, such as putting the rights and freedoms of individuals at risk, the affected customers or the public must be notified without delay.
Non-compliance with GDPR regulations can prove to be very expensive for organizations. The penalties range from 10 million euros up to 20 million euros or 4 percent of the company's global turnover.
Infringing data subjects' rights, failing to put adequate data protection procedures in place, and ignoring data subjects' requests to access their data warrant the highest penalty of 20 million euros or 4 percent of worldwide turnover, whichever is greater. Mishandling data security in other ways, such as failing to report a data breach, calls for a lower fine of 10 million euros or 2 percent of global turnover, whichever is greater.
The severity of the breach, and the efforts taken by the company to ensure future data security are taken into account while levying fines.
Ace GDPR with ADAudit Plus.
If Active Directory is an integral part of your organization's network, and you store personal data in files within Windows file servers, ADAudit Plus is the ideal tool to help your organization be GDPR-compliant. Through its numerous out-of-the-box reports, ADAudit Plus provides a complete audit trail of your valuable data and helps in addressing GDPR compliance requirements. It also helps IT administrators detect suspicious activities within the network and ward off threats both external and internal.
Once ADAudit Plus has been installed, it can automatically configure audit policies required for Active Directory auditing. To enable automatic configuration: Log in to the ADAudit Plus web console → Domain Settings → Audit Policy: Configure.
This report helps in determining users' logon activities across the network. Information such as who logged into the network, from which device, and at what time can be found here.
The report lists the files that were modified recently and who altered the files.
This report describes any attempts to log on to your organization's servers.
This report displays all the changes that have been made to user attributes within the Active Directory environment.
This report lists permission changes that were made to a folder. You can see whether any user was recently granted permissions and who made the change.
The report helps in monitoring attempts to read specific files, and identifying unauthorized file accesses.
This report lists all unsuccessful attempts to read a file, who made the file read request, and at what time.
ADAudit Plus is a real-time, web-based Windows Active Directory (AD) change reporting software that audits, reports, and alerts on Active Directory, Windows servers and workstations, and NAS storage devices to meet security and compliance requirements. ADAudit Plus has several ready-made report bundles that help in fulfilling not just GDPR but numerous other compliance regulations, such as FISMA, SOX, and HIPAA. To learn more, visit https://www.manageengine.com/active-directory-audit/
Try ADAudit Plus login monitoring tool to audit, track, and respond to malicious login and logoff actions instantaneously.