GDPR compliance auditing will be new to many organizations that have never been subject to a compliance regulation before, so much of the logistics around preparation, ongoing compliance, and audits under the GDPR will be unfamiliar. One of the key aspects of any compliance regulation, and especially the GDPR, is proving that you have taken at least the minimum measures needed to secure the personal data the regulation protects.
Securing data is the first step, and one we here at ManageEngine have been discussing for months. However, you also need to test, not just your security controls in isolation, but every part of your environment that stores, protects, or grants access to personal data, to confirm that each control actually works as intended. Here is a short list of settings and technologies you will need to test for the personal data covered by the GDPR:
- Backup and restoration of data is effective (test the restore itself, not just that the backup job completed)
- Encryption of data at rest and in transit is effective and enabled everywhere personal data is stored or transmitted
- Permissions on the data stores are correct and grant no more access than each role requires
- Group membership is correct and effective, and matches the list of approved members
- Firewall configurations are correct and effective, allowing only the traffic required to reach systems that hold personal data
- GDPR-related application configurations and group access are correct and effective
- User provisioning grants the intended access to data, and no more
- User deprovisioning removes all access to data promptly, including group memberships and application accounts left behind after an account is disabled
For each test you perform, keep a record of the date, the procedure followed, and the results, so that you can provide it to auditors on request. This evidence goes a long way toward proving that you are meeting the minimum requirements of the GDPR and maintaining the security of your data on an ongoing basis rather than at a single point in time.
If you want to see more information on how to prepare and comply with the GDPR, please visit our dedicated site.