GDPR and Data Classification


Data Discovery and Classification

- A critical element of GDPR compliance


The new breach notification requirements in the GDPR demand heightened data monitoring, providing the ability to spot unusual behaviour and access patterns.

Increased documentation and data classification requirements mean that you need to know where personal data is and who's accessing it, and make sure only the right people have access to it.


GDPR Compliance starts with understanding the data itself. It’s more critical than ever to know your data. Where is sensitive data stored? Who is accessing it? Who should be?

A Classification Framework for GDPR Compliance

Identify where personal data is located (SharePoint, Cloud, etc.) to meet data accountability

Monitor and audit data access and permission changes. Record all data processing.


Delete global accesses and overexposed data. Make sure PII is kept on a need-to-know basis.

Apply a least privilege access model, protecting personal data by design and by default.

Limit data retention: establish data retention procedures so data is not stored longer than needed

Data Classification - providing answers to help GDPR compliance


Where is our Personal Data?

Data classification = Knowledge of where personal data is stored on your system, especially in unstructured formats in documents, presentations, and spreadsheets.

When/Why Was It Collected?

With GDPR, you need to know when data was collected and why, to ensure compliant ongoing access and usage. Metadata analysis provides this much-needed context.

How can I Regularly Review?

Personal data held should be periodically reviewed to see whether it needs to be saved, to minimise data retention and meet the 'right to be forgotten'.

Who has Access Rights?

Classifying both structured and unstructured data provides understanding and control of who accesses personal data stored and who should be allowed to.

How Bytes and Varonis Can Help

Bytes Security Partnerships and our Data Classification and Control Partner, Varonis Systems, help uncover security issues quickly and give context around metadata and what's actually happening on your file and email servers, SharePoint, and Active Directory.

This assists with compliance with two key parts of the GDPR - Privacy by Design & By Default (PbD) and Breach Notification.

We start by answering the three most critical questions:


What sensitive data do I have?

Where is it? (on-premise, with third parties or in the cloud)

How is it being accessed?


Why is Data Classification vital for Breach Notification?

Breach notification requirements place a new burden on data controllers - reporting with context. Under GDPR, the mantra should be “always monitoring”. You’ll need to spot unusual patterns against files containing personal data, and promptly report exposure to the local authority.

Varonis’ innovative user behaviour analytics with privileged account detection analyse and detect suspicious activity – helping you detect potential security breaches, misconfigurations, and other issues and thus easing compliance with the new regulations.

Outcomes

  • Increased security with machine learning and user behaviour analytics (UBA)
  • Automatically alerting on suspicious activity and potential security incidents
  • Establishing incident response and forensics procedures


How prepared are you for GDPR? To what extent do you comply? Find out with a free GDPR Readiness Assessment



Interested in Data Classification & GDPR? Use the form or the contact details below to send us an enquiry.


Want to know more about GDPR and Data Classification? Call us on 0845 075 0560 or email us at securitysales@bytes.co.uk
