In part three we discussed how no one person, organization or vendor has ‘the’ silver bullet to GDPR compliance. What you need is an array of tools and people to address the many challenges ahead.
Saying that not all technical solutions are equal in their value to a GDPR project. Given GDPR is a Data Governance project (as discussed in part two), it makes sense to leverage both technology and people with Data Governance running through their veins
Stealthbits is that.
Stealthbits has focused on Data Governance for 16 years, focusing on being the best at providing a global leading Data Access Governance platform for unstructured data.
We have a comprehensive breakdown of articles and chapters along with a functionality and report mapping. The detail is far too much for a blog so please contact your local Stealthbits representative who can provide you with this. For quick reference, here’s an outline:
For the full infographic with detailed explanations of each section, please follow this link: https://stealthbits.com/eu-gdpr/
If you look at the high-level requirements of the GDPR as well as the following statistics regarding Data Governance, you can start to see the scale of the challenge ahead if your organization hasn’t already undertaken or started a Data Access Governance project.
This includes file systems, SharePoint, Email, cloud Storage. Anything that isn’t stored in a database or application with a set format. Unstructured data is hard to manage and could, in theory, be anywhere in your environment.
Your user account and groups that provide access to unstructured and often structured data, is managed by Active Directory. The policies that govern things such as passwords, access levels, name resolution and many other business critical services are also reliant on AD. Active Directory is the foundation of most businesses environment. Lose AD, lose access to data.
Put AD and data together, add a pinch of legacy practices and general day to day use and people end up with access to data they shouldn’t. That could be the ability to read files they shouldn’t or manipulating files they should only read. Either way, this breaks all basic rules of Data Governance and ‘Privacy by Design’.
I would say this is a problem in 100% of organizations to some degree.
if the breach is discovered at all. Most data breaches are never uncovered. A breach isn’t just the headline grabbing incident like Yahoo. It also covers that former employee who takes a document to their new role with them.
Either way, for GDPR it’s not so much the discovery that applies to the 72-hour notification period, it’s the ability to investigate the ‘Who, what, where, when and how’ once a breach has been discovered. These findings must then be supplied to the appropriate regulatory authority.
Next week we conclude this series by pulling together elements from each blog to form a strategy for addressing GDPR compliance; understand the challenge, engage the right people/organizations, utilize the right technology and act now.
For a comprehensive breakdown of Stealthbits solutions and features please follow these links:
Mark Wilson is a Director of Product Management at STEALTHbits Technologies.
He is lead Pre-Sales consultant in the EMEA region and a key member of the global Product Marketing team.
Mark has 18 years’ experience working in virtually all technical support and consulting roles across both public and private sectors in the UK, EMEA and Globally.
Areas of specialism include compliance, data governance, IAM, migrations and consolidations.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.Read more
Start a Free Stealthbits Trial!
No risk. No obligation.
Leave a Reply