GDPR Compliance Assistant is an out-of-the-box tool that uses Splunk’s search and reporting capabilities, as well as its flexibility, to help companies comply with the GDPR security requirements.
The "GDPR Compliance Assistant" application offers a set of well-defined dashboards which will help companies to ensure that appropriate technical measures have been implemented for the protection of personal data, as required by the GDPR.
At the same time, the dashboards will help demonstrate compliance with security requirements, thus adhering to one of the main GDPR principles: accountability.
Information about the application pricing can be found here.
ABOUT GDPR COMPLIANCE ASSISTANT
One of the core obligations of GDPR for all companies, acting either as data controllers or data processors, is to ensure the security of personal data.
Security of data processing is not an isolated obligation in GDPR, addressed under a particular article. On the contrary, it should be considered within the overall GDPR accountability framework for data protection. Under the accountability principle as codified in the GDPR, controllers and processors are required to implement appropriate technical and organisational measures to ensure and be able to demonstrate that data processing is securely performed in accordance with the GDPR.
This application will help DPOs (Data Protection Officers) or anyone in the company in charge of personal data protection to ensure that appropriate technical security measures have been properly implemented, in line with established policies and procedures. Continuous monitoring of the GDPR Compliance Assistant dashboards provides assurance that these measures are reviewed and updated as necessary.
The application can also be a powerful accountability tool, by demonstrating to the data protection authorities the existence of appropriate security measures and their periodic follow-up.
Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data.
The “GDPR Compliance Assistant” Splunk app provides the following benefits for companies obliged to comply with GDPR:
Ability to demonstrate compliance with GDPR requirements related to information security (“accountability”)
Visibility over key information security events and activities related to systems that store personal data
DPOs are provided with a tool that gives them a better overview of GDPR requirements related to information security
Possibility to extend the application for further use cases related to GDPR compliance
GDPR ASSISTANT COMPLIANCE DASHBOARDS
The application offers the following dashboards in order to ensure personal data environment security:
Successful and failed operating system logins for systems containing personal data (Please refer to figure 2)
Successful and failed database logins, for databases containing personal data
Successful and failed application logins on systems containing personal data
Logins or attempted logins at operating system, database or application level outside predefined working hours
Logins or attempted logins at operating system, database or application level for administrative accounts
Logins or attempted logins at operating system, database or application level for non-personalized accounts (“root”, “administrator” etc.)
Logins or attempted logins at operating system, database or application level during an employee’s leave
Logins or attempted logins at application, operating system and database level using insecure or clear text protocols
Logins or attempted logins at application, operating system and database level using remote access
Account management activities (creation, deletion, password reset etc.) for monitored user repositories (Please refer to figure 3)
Malware infections detected on systems which store personal data (Please refer to figure 4)
Recorded cyber-attacks against systems which store personal data
Information about missing patches and system updates for systems which store personal data
The list of users whose password has not been changed in the last x days (where x is set in line with the company’s password policy)
Information about system restarts and uptime for systems containing personal data
Besides the investigative function of the above-mentioned dashboards, the application offers easily schedulable reports for each dashboard (Please refer to figure 5). The generated reports present information in a manner that makes the most sense to the business user and help transfer the information to the appropriate management level.