Erasing for Safety: General Data Protection Regulation (GDPR)

Published on May 26, 2020

By:

Sujay Doshi, Senior Product Manager for Cyber Threat Content

Abhishek RVRK Sharma, Senior Technical Marketing Engineer

 

General Data Protection Regulation (GDPR)

(Image source: Pixabay.com)

“You’ve just been erased,”

said John Kruger (Arnold Schwarzenegger) to Lee Cullen (Vanessa Williams) as he made her part of the Witness Security Protection Program (Eraser (1996)). According to him, every record that showed that she ever existed had been wiped clean, giving her a fresh start to live safe from those who were out to kill her before she could expose them.

Hollywood does make things sound simple - but sadly, it is not as easy in real life. As the amount of data companies process and hold grows exponentially, keeping track of personal data usage can be a difficult task. As data finds its way on to the cloud, whether on on-premises servers or on internet servers, keeping track of data controllers to verify proper usage and deletion of data is sometimes an impossible task.

The European Union’s General Data Protection Regulation (GDPR) is a law aimed at protecting citizen privacy. The GDPR established a new normal for how an individual’s data should be handled and its focus on anonymization has been adopted by software vendors across the world. As GDPR enters its second year on the 25th of May, two other important aspects of GDPR are gaining more attention from the data privacy and compliance teams around the globe: Right to be Forgotten and Data Erasure.

 

Why Is This Important?

One example is when an employee is transferred between geographies for work. This change in geography could entail a change in data privacy requirements. Another example is when an employee leaves or is terminated. The retention of their data by the organization they used to belong to is no longer required, except for certain essential data required for archival purposes. Other examples include a change in the organization’s privacy policy or revocation of consent by the employee. These situations require the capability to erase data partially or completely.

 

Securonix Enhances GDPR Capabilities With Data Erasure and Right to Be Forgotten

Securonix enforces strong controls on data to meet GDPR compliance requirements including:

  • Data masking and encryption
  • Granular role-based access control (RBAC)
  • Detailed audit trails and log tampering reports
  • Data filtering
  • Activity reporting

The privacy capabilities of the Securonix platform have been approved by customer work councils across Europe and Asia.

Securonix has introduced further enhancements to their GDPR compliance and security capabilities, adding enhanced support for Right to Forget and Data Erasure.

The Right to Forget feature provides you with the capability to erase employee data older than a specified period for a single employee or group of employees. This feature removes all direct and linked data for the specified entity, eliminating the need to search through multiple data sources.

The Data Erasure feature allows you to completely erase all data linked to an employee or group of employees based on any identity or HR criteria (e.g., region, department, or title).

 

How Securonix Accomplishes Right to Forget and Data Erasure Compliance

User and Entity Correlation

A user in an organization may generate activity tied to multiple individual identities with different account names, IP address, hostname, etc. This makes it difficult for legacy solutions to find and track back activities to the user’s global identity, preventing complete data erasure.

 

The Securonix platform links all of the activities of a user to a single global user identity

The Securonix platform links all of the activities of a user to a single global user identity – whether it is attributed to their laptop hostname, corporate IP address, network domain username, or email address. This enables Securonix to identify and delete all user events across multiple devices in one action.

Governance and Workflow

Securonix ensures comprehensive governance capabilities, with a planned approval workflow process to approve all deletions. The granular RBAC workflow capability allows users to request or approve GDPR and data privacy actions, depending on their defined role. A secure, structured workflow is critical to enabling the safe use of utilities such as data erasure.

The platform also maintains a detailed, complete audit trail of all requests, approvals, and erasures, with easy log access to ensure compliance requirements are met.

 

The platform also maintains a detailed, complete audit trail of all requests, approvals, and erasures, with easy log access to ensure compliance requirements are met.

With Securonix, GDPR compliance is both assured as well as effective. Using the Securonix platform, analysts can confidently say to employees looking to exercise their data privacy rights:

“You’ve just been erased.”

 

For More Information Download the General Data Protection Regulation White Paper