One of the GDPR’s most important security requirements is that organizations must deploy technical measures to track who accesses personal data. If your organization is gearing up for the GDPR, be sure to verify that the permissions to access and perform operations on personal data are granted only to those who need it before starting to audit user activity. Determine who gets access to personal data based on the purpose for which the data is being collected and ensure that you grant permissions to only those users.
Let’s say your job is to collect email addresses from customers who reside in the EU for after-sales support. In the consent document you send to users, it states that the data collected will be processed for after-sales support for the first 30 days after purchase, and will then be used to send out marketing collaterals for another 30 days.
When the GDPR comes into effect on May 25, 2018, you’ll need to ensure that:
- For the first 30 days, access is only granted to the customer relationship professionals in your company.
- For the next 30 days, only those who are involved in marketing follow-ups have access to that personal information.
- After 60 days, access to all of the above-mentioned employees is revoked.
To ensure you’re granting and revoking access to personal data accurately, without violating the purpose stated in your consent documents, you need a comprehensive Active Directory management and reporting solution like ADManager Plus.
We know that meeting the GDPR’s requirements can seem daunting. If you’ve got questions about managing personal data when it comes to the GDPR, we invite you to attend our free webinar entitled “Comply with the GDPR: Managing personal data and access to personal data” on January 30th at 11am GMT.
We’ll be covering how to isolate personal data, set up proper access controls, review and manage the user permissions to personal data, and automate user permission management operations, all in an effort to comply with GDPR requirements.
Don’t miss it! Register right away.