The General Data Protection Regulation (GDPR) strengthens and unifies data protection for all individuals in the European Union. It also applies to companies outside the EU that hold or process personal data of people in the EU, regardless of their citizenship. The GDPR became enforceable across the EU on May 25th, 2018.
Severe Non-Compliance Penalties
The penalty for non-compliance is severe: fines of up to 4% of annual global turnover (or EUR 20 million, whichever is higher) can be levied on a company for infringements, including a personal data breach involving the data of individuals in the EU, and organizations must be able to demonstrate compliance with the regulation.
Monitor Activity on Systems Containing Personal Data
Cygna Auditor records successful and failed activity on data, such as file or folder creation, access, updates and deletions, together with who made each change and when it was made.
Monitor Relevant Group Membership
Keep access to systems holding personal data to a minimum with Cygna Auditor's group reports, which show who is a member of the user and administrator groups on secured systems.
Monitor Secured System Permissions
Keeping group membership current is only half the battle: you must also ensure that permissions on systems holding personal data stay correct. Cygna Auditor's permission reports let you verify that access is no wider than it needs to be.
Real-Time Notification of Unusual Activity
Cygna Auditor's built-in and custom alerting notifies you of unusual activity such as scripted permission changes, or mass file updates typical of ransomware.
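The two patterns named above, mass file updates typical of ransomware and permission changes arriving faster than a person clicks through them, both reduce to a sliding-window count over an audit trail: how many events of one kind did one account generate within a short interval. The following is an added example written for this page to show that logic; it is not Cygna Auditor's code. The event format, account names, paths and thresholds are constructed for illustration and would need tuning in a real environment.

```python
"""Sliding-window burst detection over file-audit events (added example,
not Cygna Auditor's code). Event layout, names and thresholds are
assumptions made for this illustration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit trail: (timestamp, account, action, object).
# These are not real log records.
_T0 = datetime(2018, 5, 25, 9, 0, 0)


def _build_sample_events():
    ev = []
    # alice: ordinary editing, three updates spread over an hour
    for i in range(3):
        ev.append((_T0 + timedelta(minutes=20 * i), "alice", "update",
                   f"/srv/hr/doc{i}.docx"))
    # bob: 25 updates in under 30 seconds, the mass-update pattern of ransomware
    for i in range(25):
        ev.append((_T0 + timedelta(minutes=30, seconds=1.2 * i), "bob", "update",
                   f"/srv/hr/record{i}.xlsx"))
    # carol: six ACL changes in three seconds, the cadence of a script, not a person
    for i in range(6):
        ev.append((_T0 + timedelta(minutes=45, seconds=0.5 * i), "carol",
                   "permission_change", f"/srv/hr/folder{i}"))
    ev.sort(key=lambda e: e[0])
    return ev


SAMPLE_EVENTS = _build_sample_events()


def detect_bursts(events, action, threshold, window_seconds):
    """Return one alert per burst: `threshold` or more events of `action`
    by the same account inside any interval of `window_seconds`.
    `events` must be sorted by timestamp."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # account -> timestamps still inside the window
    alerts = []
    for ts, account, act, _obj in events:
        if act != action:
            continue
        q = recent[account]
        q.append(ts)
        # drop timestamps that have aged out of the window
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"account": account, "action": action,
                           "count": len(q), "start": q[0], "end": ts})
            q.clear()  # one alert per burst; a new burst must refill the window
    return alerts


# Illustrative rules: (label, action, threshold, window in seconds).
RULES = [
    ("mass file updates (ransomware-like)", "update", 20, 60),
    ("scripted permission changes", "permission_change", 5, 10),
]


def run_rules(events, rules=RULES):
    """Apply every rule and return (label, account, count) findings."""
    findings = []
    for label, action, threshold, window_seconds in rules:
        for a in detect_bursts(events, action, threshold, window_seconds):
            findings.append((label, a["account"], a["count"]))
    return findings


if __name__ == "__main__":
    for label, account, count in run_rules(SAMPLE_EVENTS):
        print(f"ALERT: {label}: {account} ({count} events)")
```

Running it flags bob's update storm and carol's ACL changes while alice's normal editing stays quiet. The deque is cleared after each alert so a sustained burst produces one alert per threshold crossing rather than one per event, which keeps the alert volume proportional to the incident rather than to the number of files touched.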
Examples of Addressed GDPR Compliance Requirements
Cygna Auditor primarily addresses topics in Chapter 2 (Principles) and Chapter 4 (Controller and processor) of the GDPR, though there may be other areas addressable depending upon your compliance implementation.
Ch 2/Article 5 / Para 1(f): Personal data shall be processed in a manner that ensures appropriate security of the personal data
Ch 2/Article 5 / Para 2: The controller shall be able to…demonstrate compliance with paragraph 1
Ch 4/Article 24 / Para 1: The controller shall implement…technical…measures…to be able to demonstrate that processing is in accordance with this Regulation
Ch 4/Article 25 / Para 1: The controller shall…implement appropriate technical…measures…designed to implement data-protection principles
Ch 4/Article 25 / Para 2: The controller shall implement…technical…measures…for ensuring…only personal data…which are necessary…are processed
Ch 4/Article 32 / Para 1: The controller and the processor shall implement…technical…measures…to ensure…security appropriate to the risk
Ch 4/Article 32 / Para 2: In assessing the appropriate level of security, account shall be taken of the risks…presented by processing…personal data
Ch 4/Article 33 / Para 1: In the case of a personal data breach, the controller shall…not later than 72 hours…notify the supervisory authority