Increased documentation and data classification requirements mean that you need to know where personal data is, who’s accessing it, and making sure only the right people have access to it
Identify where personal data is located (SharePoint, Cloud, etc.) to meet data accountability
Monitor and audit data access and permission changes. Record all data
Delete global accesses
and overexposed data. Make sure PII is kept on a need to know basis.
Apply a least privilege access model, ensuring personal data by
design and by default.
Limit data retention: establish data retention procedures so data is not stored longer than needed
Data classification = Knowledge of where personal data is stored on your system, especially in unstructured formats in documents, presentations, and spreadsheets.
With GDPR, you need to know when data was collected and why to ensure compliant ongoing access & usage. Metadata Analysis provides this much-needed context.
Personal data held should be periodically reviewed to see whether it needs to be saved, to minimise data retention and meet the 'right to be forgotten'.
Classifying both structured and unstructured data provides understanding and control of who accesses personal data stored and who should be allowed to.
Bytes Security Partnerships and Data Classification and Control Partner Varonis Systems help uncover security issues quickly and give context around metadata and what’s actually happening on your file and email servers, SharePoint, and Active Directory.
Breach notification requirements place a new burden on data controllers - reporting with context. Under GDPR, the mantra should be “always monitoring”. You’ll need to spot unusual patterns against files containing personal data, and promptly report exposure to the local authority.
Varonis’ innovative user behaviour analytics with privileged account detection analyse and detect suspicious activity – helping you detect potential security breaches, misconfigurations, and other issues and thus easing compliance with the new regulations.
Want to know more about GDPR and Data Classification? Call us on 0845 075 0560 or email us at email@example.com