GDPR preparation—Testing
GDPR compliance auditing will be new to many organizations that have never been under a compliance regulation before. Therefore, many of the logistics around the preparation, ongoing compliance, and audits related to the GDPR will be foreign. One of the key aspects of any compliance regulation, especially the GDPR, is proving you've taken the minimum measures to secure the personal data protected by the GDPR.
Securing data is the first step, and one that we here at ManageEngine have been discussing for months. However, you also need to test not only your security, but all other aspects of your environment, to ensure that you are meeting GDPR regulations. Here is a short list of settings and other technologies that you will need to test with regard to GDPR data:
- Backup and restoration of data is effective
- Encryption of data (at rest and in motion) is effective
- Permissions are correct and effective
- Group membership is correct and effective
- Firewall configurations are correct and effective
- GDPR-related application configurations and group access are correct and effective
- User provisioning for data access is accurate
- User deprovisioning for removal of access to data is accurate