Particularly sensitive is the fact that in future, the entire burden of proof concerning the correct handling of personal data lies with the companies. As such, the complete documentation of dealing with the data is just as important as the establishment of smooth, efficient processes for different situations.
Today, we would like to highlight two of our solutions that help IBM Domino customers with their documentation obligations around the EU GDPR:
- panagenda iDNA continuously documents which databases are accessed by whom in both read and/or write at any given time
- panagenda SecurityInsider documents who has access to which databases, including changes
Learn more about SecurityInsider below. Further helpful panagenda solutions around the EU-GDPR will be presented in the coming weeks. If you want to know more today, simply contact us and get a free consultation with a panagenda expert who will show you what role panagenda solutions can play in the realization of your GDPR plans.
EU-GDPR – a short overview
Numerous new provisions are determined by the General Data Protection Regulation. We have summarized particularly important points for you:
The right to be forgotten: Is the improvement of individual rights to data deletion and data portability. This is to ensure that personal digital information is not permanently available to companies, or can only be used with the consent of respective persons.
Administrative penalties of up to €20 million or 4% of worldwide turnover can be imposed, whichever is higher. The penalty depends on the severity of the misconduct.
Data breaches must be reported to the relevant data protection authority within 72 hours after becoming aware of the breach. The potentially affected persons are to be informed immediately of a data leak.
Companies are obliged to take “appropriate technical and organizational measures” to protect personal data. These measures must be constantly reviewed and updated.
For more detailed information, please contact a GDPR specialized lawyer or take a look at following legal text.
Document the access rights with panagenda SecurityInsider
SecurityInsider documents its results for historical evaluation from the time of installation and answers in particular, the following questions:
- Who has/had what access with which rights and when?
- Who is in which groups and why?
The breakdown of these questions allows for indispensable conclusions regarding the security of your data as well as subsequent decisions in the shortest possible time and based on up-to-date facts.
IBM Lifetime Champion Julian Robichaux introduces SecurtiyInsider’s core themes in three short videos:
One of the core things that SecurityInsider does, is analyze your Domino directory and Domino databases so you can tell exactly who has been given access through the ACL, what kind of access they have, and how they got that access. The video called “SecurityInsider Database Access Controls” can give you a quick run-through of how this works and what it looks like.
The video called “SecurityInsider Unknown User Identification” shows you a scenario of how to find situations where a user or a group of users has access to a database at a much higher level than they are supposed to. In that example, all the janitors in the company mysteriously have Manager access to a database that they’re only supposed to have Author access to. SecurityInsider can help you see how and why that happened.
The third new video, “ACL – Resolved Member List” helps to explain why SecurityInsider sometimes flags user names as “unknown”, what that means, and why it can have security implications.