Watch On-Demand: How to Prepare for GDPR

GDPR, the General Data Protection Regulation, comes into force on 25 May 2018. GDPR requires organizations to maintain a plan to detect data breaches, regularly evaluate the effectiveness of security practices, and document evidence of compliance. If you don’t already have the required security tools and controls in place, your organization will need to start planning now to achieve compliance and mitigate the risk of high fines for failing to comply.

In this webcast, AlienVault CISO John McLeod provides insights into how AlienVault has approached the GDPR compliance process internally, along with how the Unified Security Management® (USM) platform can help accelerate and simplify your path to compliance.

Watch this on-demand webcast now, and learn:

  • Best practices for approaching GDPR compliance
  • How to assess your level of readiness and build your roadmap to compliance
  • How a unified security toolset can both expedite and simplify this process

The webcast also includes a brief demo of the USM platform to illustrate some of the technical controls you need in place today for compliance.

GDPR, HIPAA, PCI, Etc.

Looking for a better way to address threat management and compliance? By working with a professional security services organization and a SIEM like AlienVault®, you will have a better way to detect threats.

Virtually every regulatory mandate requires some form of log management to maintain an audit trail of activity. By utilizing a SIEM, Cybriant provides a mechanism to rapidly and easily deploy a log collection infrastructure that directly supports this requirement. Ticketing and alerting capabilities also satisfy routine log data review requirements.

Get more value out of your SIEM while meeting compliance regulations – find out more about Cybriant Managed SIEM with Security Monitoring: https://www.cybriant.com/managed-siem/


GDPR: Steps to Help Your Organization Prepare

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. If your business handles data on EU residents, then you must abide by the GDPR.

The Information Commissioner’s Office (ICO) has released a checklist to help organizations prepare for the GDPR:

  1. Awareness: Make sure the decision makers and key people in your organization are aware that the law is changing to the GDPR.
  2. The information you hold: Your organization needs to document what personal data you hold, where it came from and who you share it with. You may need to organize an information audit across the organization or within particular business areas. The GDPR requires you to maintain records of your processing activities.
  3. Communicating privacy information: Review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation. When you collect personal data you currently have to give people certain information, such as your identity and how you intend to use their information. This is usually done through a privacy notice.
  4. Individuals’ rights: Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  5. Subject access requests: You should update your procedures and plan how you will handle requests to take account of the new rules. If your organization handles a large number of access requests, consider the logistical implications of having to deal with requests more quickly.
  6. Lawful basis for processing personal data: Identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
  7. Consent: Review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
  8. Children: Consider whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
  9. Data breaches: You should make sure you have the right procedures in place to detect, report and investigate a personal data breach. Need help? Cybriant can help.
  10. Data Protection by Design and Data Protection Impact Assessments: It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this. However, the GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’. It also makes PIAs – referred to as ‘Data Protection Impact Assessments’ or DPIAs – mandatory in certain circumstances.
  11. Data Protection Officers: You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organization’s structure and governance arrangements.
  12. International: If your organization operates in more than one EU member state, you should determine your lead data protection supervisory authority and document this.

View the full checklist here.