Meeting GDPR compliance with LepideAuditorTM
Due to GDPR regulations, most organizations will find themselves needing to appoint a Data Protection Officer. However, all organisations, regardless of whether a DPA is in place, need to be able to prove their compliance with the complex regulations that will come into place. Information Technology sections of this regulation can be met by auditing the IT infrastructure. However, native auditing methods alone are not enough, as they can be both too time consuming and complex. LepideAuditor provides a single centralized console that enables you to audit multiple instances of Active Directory, Group Policy Objects, Exchange Server, SharePoint, SQL Server, Windows File Server, NetApp Filer, Office 365 and Dropbox. It also holds numerous specific reports that can help you meet aspects of GDPR compliance.
Getting Ready for the GDPR: How LepideAuditor Helps
Webinar Recorded on: 2 February 2018
View Recording
Chapter II – Article 5 (1) (f) – Principles Relating to Personal Data Processing
This section of GDPR focuses on the security of personal data from unauthorized access, unlawful processing and accidental deletion. Auditing accesses made to relevant files and folders and tracking the permissions of users is a requirement when implementing the security of digital data. LepideAuditor performs Historical Permission Analysis of Active Directory, Exchange Server and File Server. Current Permission Report displays all current effective permissions of users on shared files and folders in File Server. LepideAuditor also monitors all accesses made to data stored on File Server and mailboxes on Exchange Server.
Chapter II – Article 5 (2) – Principles Relating to Personal Data Processing
This section requires organizations to prove their compliance with section 5 (1). You can install and configure LepideAuditor to display adherence with these sections. LepideAuditor has numerous inbuilt pre-defined reports that show all changes in permissions and all accesses made to crucial data. The real-time alerts help you to take immediate action against unwanted changes or unauthorized accesses. Our solution also allows you to restore the state of Active Directory Objects and Group Policy Objects to restore the permissions of Active Directory users to their last known good state.
Chapter IV – Articles 24 (1) (Responsibility of the Controller) and 32 (2) (Security of Processing)
To comply with this section, organizations have to display that they are processing data as per GDPR requirements. As multiple server components deal with the personal data stored in files, folders and mailboxes, the entire IT infrastructure will need to be audited. Auditing each component separately using native methods is complex and messy. LepideAuditor provides a single console for auditing multiple instances of different server components.
Chapter IV – Article 24 (2) - Responsibility of the Controller
This section requires organizations to produce proof of compliance with article 24 (1). LepideAuditor keeps a long-term record of changes made in the configuration of server components, accesses made to the data and changes in permissions of users/objects. These records are displayed in predefined reports in text and graph formats, which can be saved as files on the disk or can be delivered through email at scheduled intervals. You can customize any of the Active Directory, Group Policy or File Server Modification Reports to create a customized report suited to your requirements. You can also create real-time alerts that can be sent as emails, as updates to Radar Tab and as notifications to the LepideAuditor App.
Chapter IV – Articles 25 (1) (Data Protection by Design and by Default) and 32 (1) (Security of Processing)
This section requires organizations to have proper mechanisms in place for the protection of data in the IT environment. Auditing of accesses made to data, user permissions and of user activities on the computers or servers will inevitably help you secure your data. You will gain full visibility into who is trying to log on to a critical computer, access a mailbox, read an important file or delete files. LepideAuditor audits all changes made in permissions, accesses made to data and user activities on the different computers and servers. Any unauthorized change or access is brought to the notice of intended recipients through email or push-notifications to the LepideAuditor App.
Chapter IV – Article 25 (2) – Data Protection by Design and by Default
This section requires organizations to maintain accesses made to data. Only authorized and relevant users should be able to access data. Organizations must implement access privileges in their IT environment and monitor accesses made to personal data. LepideAuditor audits user permission changes in Active Directory, Exchange Server, SharePoint, SQL Server, Windows File Server and NetApp Filers. It also monitors accesses made to data stored in File Server, SharePoint and SQL Server. Alerts in real-time are sent through email to selected recipients or through notifications to the LepideAuditor App once an unauthorized access or unwanted change in permission is detected.
