The EU General Data Protection Regulation (GDPR) is put into force on 25th May 2018 and is the most influential change in privacy and data protection with a worldwide impact. Particularly sensitive is the fact that in future, the entire burden of proof concerning the correct handling of personal data lies with the companies. As such, the complete documentation of dealing with the data is just as important as the establishment of smooth, efficient processes for different situations.
Knowledge comes from raw data and algorithms. Comparisons of data with oil or gold are misleading because data can be copied at marginal cost. Unlike with physical resources, it will therefore not be the scarcity but the control over data copies that will be crucial in future.
Today, we would like to highlight two of our solutions that help IBM Domino customers with their documentation obligations around the EU GDPR:
You already have GreenLight or MarvelClient?
Then get your SecurityInsider upgrade for just $2 per user by January 31, 2018!
Learn more about SecurityInsider below. Further helpful panagenda solutions around the EU-GDPR will be presented in the coming weeks. If you want to know more today, simply contact us and get a free consultation with a panagenda expert who will show you what role panagenda solutions can play in the realization of your GDPR plans.
EU-GDPR – a short overview
Numerous new provisions are determined by the General Data Protection Regulation. We have summarized particularly important points for you:
The right to be forgotten: Is the improvement of individual rights to data deletion and data portability. This is to ensure that personal digital information is not permanently available to companies, or can only be used with the consent of respective persons.
Administrative penalties of up to €20 million or 4% of worldwide turnover can be imposed, whichever is higher. The penalty depends on the severity of the misconduct.
Data breaches must be reported to the relevant data protection authority within 72 hours after becoming aware of the breach. The potentially affected persons are to be informed immediately of a data leak.
Companies are obliged to take “appropriate technical and organizational measures” to protect personal data. These measures must be constantly reviewed and updated.
Document the access rights with panagenda SecurityInsider
SecurityInsider documents its results for historical evaluation from the time of installation and answers in particular, the following questions:
- Who has/had what access with which rights and when?
- Who is in which groups and why?
The breakdown of these questions allows for indispensable conclusions regarding the security of your data as well as subsequent decisions in the shortest possible time and based on up-to-date facts.
Verify the security of your databases and claim your free SecurityInsider trial license today.
One of the core things that SecurityInsider does, is analyze your Domino directory and Domino databases so you can tell exactly who has been given access through the ACL, what kind of access they have, and how they got that access. The video called “SecurityInsider Database Access Controls” can give you a quick run-through of how this works and what it looks like.
The video called “SecurityInsider Unknown User Identification” shows you a scenario of how to find situations where a user or a group of users has access to a database at a much higher level than they are supposed to. In that example, all the janitors in the company mysteriously have Manager access to a database that they’re only supposed to have Author access to. SecurityInsider can help you see how and why that happened.
The third new video, “ACL – Resolved Member List” helps to explain why SecurityInsider sometimes flags user names as “unknown”, what that means, and why it can have security implications.