Battle Test Your GDPR Plan

GDPR compliance auditing will be new to many organizations that have never been under a compliance regulation before. Therefore, many of the logistics around the preparation, ongoing compliance, and audits related to the GDPR will be foreign. One of the key aspects of any compliance regulation, especially the GDPR, is proving you’ve taken the minimum measures to secure the personal data protected by the GDPR.

Securing data is the first step. However, you also need to test not only your security controls but every other part of your environment that touches GDPR-protected data, to confirm that you are actually meeting the regulation. Here is a short list of settings and other technologies that you will need to test with regard to GDPR data:

  1. Backup and restoration of data is effective
  2. Encryption of data (at rest and in motion) is effective
  3. Permissions are correct and effective
  4. Group membership is correct and effective
  5. Firewall configurations are correct and effective
  6. GDPR-related application configurations and group access are correct and effective
  7. User provisioning for data access is accurate
  8. User deprovisioning for removal of access to data is accurate

For each of these tests that you perform, you should keep a record of the date, process, and results that you can provide to auditors. This will go a long way in proving that you are meeting the minimum requirements of the GDPR and you are maintaining the security of your data.
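The following script is an added illustration and not part of the original article: it turns three items from the list above (backup and restoration, permissions, and user deprovisioning) into repeatable checks, and each check leaves behind exactly the record the paragraph asks for, with a date, a description of the process, and the result. The share paths, group names, accounts and the "GDPR-" group-naming convention are constructed assumptions for the example, not anything the article prescribes; in a real environment the constants would be replaced by queries against the file server, directory and backup system.

```python
"""Added example (not from the original article): run GDPR readiness checks
and emit dated evidence records for auditors. All data below is constructed;
paths, group names and accounts are assumptions for illustration only."""
import hashlib
import json
from datetime import datetime, timezone
from typing import Callable

# --- Constructed sample environment (assumptions, not real systems) ----------
# Bytes written to backup and bytes read back from a test restore (list item 1).
ORIGINAL_DATA = b"customer_id,email\n1,alice@example.com\n"
RESTORED_DATA = b"customer_id,email\n1,alice@example.com\n"

# Principals holding access on personal-data shares (list item 3).
# Assumed convention: data-access groups carry a "GDPR-" prefix; anything else is a user.
ACLS = {
    r"\\fileserver\gdpr\customers": ["CORP\\GDPR-Customers-Read", "CORP\\jsmith"],
    r"\\fileserver\gdpr\employees": ["CORP\\GDPR-HR-Modify"],
}

# Group membership, and accounts HR reports as deprovisioned (list item 8).
GROUP_MEMBERS = {
    "CORP\\GDPR-Customers-Read": ["CORP\\alice", "CORP\\bob"],
    "CORP\\GDPR-HR-Modify": ["CORP\\carol"],
}
DEPROVISIONED_USERS = ["CORP\\bob"]


def is_group(principal: str) -> bool:
    """Assumed naming convention: groups are the principals prefixed 'GDPR-'."""
    return principal.split("\\")[-1].startswith("GDPR-")


def check_backup_restore() -> tuple[bool, str]:
    """Restored copy is byte-identical to the original (digest comparison)."""
    before = hashlib.sha256(ORIGINAL_DATA).hexdigest()
    after = hashlib.sha256(RESTORED_DATA).hexdigest()
    return before == after, f"sha256 original={before[:12]} restored={after[:12]}"


def check_acls_groups_only() -> tuple[bool, str]:
    """Only groups, never individual users, appear on personal-data ACLs."""
    offenders = [(path, p) for path, principals in ACLS.items()
                 for p in principals if not is_group(p)]
    if offenders:
        return False, "individual users on ACL: " + ", ".join(
            f"{p} on {path}" for path, p in offenders)
    return True, "all ACL entries are groups"


def check_deprovisioned_have_no_access() -> tuple[bool, str]:
    """Deprovisioned accounts are no longer members of any data-access group."""
    lingering = [(u, g) for g, members in GROUP_MEMBERS.items()
                 for u in members if u in DEPROVISIONED_USERS]
    if lingering:
        return False, "deprovisioned accounts still in groups: " + ", ".join(
            f"{u} in {g}" for u, g in lingering)
    return True, "no deprovisioned account holds group access"


CHECKS: dict[str, Callable[[], tuple[bool, str]]] = {
    "backup-restore": check_backup_restore,
    "acl-groups-only": check_acls_groups_only,
    "deprovisioning": check_deprovisioned_have_no_access,
}


def run_audit(checks=CHECKS) -> list[dict]:
    """Run every check and return the records an auditor will ask for:
    the date, the process that was followed, and the result."""
    records = []
    for name, fn in checks.items():
        passed, detail = fn()
        records.append({
            "date": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "process": f"{name}: {fn.__doc__.strip()}",
            "result": "PASS" if passed else "FAIL",
            "detail": detail,
        })
    return records


if __name__ == "__main__":
    # In practice append each record to a JSON-lines evidence log; here we print.
    for rec in run_audit():
        print(json.dumps(rec))
```

With the constructed data, the backup check passes, while the ACL check fails because an individual user sits on the customers share and the deprovisioning check fails because a removed account still belongs to a data-access group; the failing records are as valuable to keep as the passing ones, since they show the test was run and what was remediated afterwards.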