By now everyone knows that GDPR is a big deal. We also know that trying to make sense of the regulations can be tough, and formulating a response even tougher. GDPR requires that businesses disclose any personal data breaches to your Supervisory Authority (SA) within 72 hours of detection (less if you're in the financial services) - something all businesses affected are concerned about.
The good news is that we’ve built a new feature that will help make becoming and remaining GDPR compliant simpler and breach reporting less complex. Sounds good, right? ZoneFox Compliance Reporting has been built from the ground up to help you respond to, and manage, potential non-compliant activity efficiently and effectively, whether you’re an IT security analyst investigating a potential breach or a Data Protection Officer responsible for incident management and stringent regulatory reporting.
What is it?
- Compliance Reporting is a dedicated area of our platform, that contains specific policies pertaining to regulatory articles.
And for GDPR, our rules support core areas, including the Transfer of Data as well as the ability to quickly investigate a breach and provide scope details - supported by a detailed forensic trail ... critical for meeting the deadline.
It's super-easy to use too, with an intuitive dashboard, straightforward visuals and uncomplex reporting capabilities:
- Tools to help you create policies by regulatory framework, severity, time to reporting and reporting authority
- Real time alerting of regulation-specific incidents. The ability to forensically investigate the breach so you can identify whether it poses a substantial risk
- Tools to help you manage investigations and reporting functionality to support regulatory and management information reporting requirements
- A breach response countdown clock, to ensure you report any breach to the Supervisory Authority within regulatory timeframes
What compliance frameworks does it cover?
- The new feature is built to be flexible and to extend to a number of regulatory frameworks that involve investigation and reporting of unauthorized data transfers. While we anticipate the most urgent use cases will involve GDPR, frameworks including HIPAA and PCI DSS will also be supported ‘out of the box’ in the near future.
What GDPR non-compliant activities could this cover?
Example situations could be:
- Detection and investigation of possible exfiltration activities and data leaks
- Data being sent to unauthorised non-EEA and non-exempt countries
- Data being accessed by dark web browsers
- Unauthorised processing of known files containing data subject records such as downloads to removable media or processing
- Unauthorised accessing of known files containing data subject by unauthorised users
Does this cover all of GDPR?
- No. Some aspects of GDPR (like ensuring you have the consent of the data subject or that you have appropriate processes to handle data breaches) are beyond a one-size-fits-all solution. We concentrate solely on activities we can see on the endpoint that could potentially be non-compliant with GDPR. Interested? Talk to us to find out about a Compliance-focused Proof of Value - we'll tell you where you're meeting GDPR and where you're falling short so you can take the appropriate action.