Meeting GDPR Compliance with LepideAuditor

Due to GDPR regulations, most organizations will find themselves needing to appoint a Data Protection Officer. However, all organisations, regardless of whether a DPA is in place, need to be able to prove their compliance with the complex regulations that will come into place. Information Technology sections of this regulation can be met by auditing the IT infrastructure. However, native auditing methods alone are not enough, as they can be both too time consuming and complex. LepideAuditor provides a single centralized console that enables you to audit multiple instances of Active Directory, Group Policy Objects, Exchange Server, SharePoint, SQL Server, Windows File Server, NetApp Filer, Office 365 and Dropbox. It also holds numerous specific reports that can help you meet aspects of GDPR compliance.

Over 5,000 Organizations Use LepideAuditor to Meet Regulatory Compliance Mandates

Chapter II – Article 5 (1) (f) – Principles Relating to Personal Data Processing

This section of GDPR focuses on the security of personal data from unauthorized access, unlawful processing and accidental deletion. Auditing accesses made to relevant files and folders and tracking the permissions of users is a requirement when implementing the security of digital data. LepideAuditor performs Historical Permission Analysis of Active Directory, Exchange Server and File Server. Current Permission Report displays all current effective permissions of users on shared files and folders in File Server. LepideAuditor also monitors all accesses made to data stored on File Server and mailboxes on Exchange Server.

Chapter II – Article 5 (2) – Principles Relating to Personal Data Processing

This section requires organizations to prove their compliance with section 5 (1). You can install and configure LepideAuditor to display adherence with these sections. LepideAuditor has numerous inbuilt pre-defined reports that show all changes in permissions and all accesses made to crucial data. The real-time alerts help you to take immediate action against unwanted changes or unauthorized accesses. Our solution also allows you to restore the state of Active Directory Objects and Group Policy Objects to restore the permissions of Active Directory users to their last known good state.

Chapter IV – Articles 24 (1) (Responsibility of the Controller) and 32 (2) (Security of Processing)

To comply with this section, organizations have to display that they are processing data as per GDPR requirements. As multiple server components deal with the personal data stored in files, folders and mailboxes, the entire IT infrastructure will need to be audited. Auditing each component separately using native methods is complex and messy. LepideAuditor provides a single console for auditing multiple instances of different server components.

Chapter IV – Article 24 (2) - Responsibility of the Controller

This section requires organizations to produce proof of compliance with article 24 (1). LepideAuditor keeps a long-term record of changes made in the configuration of server components, accesses made to the data and changes in permissions of users/objects. These records are displayed in predefined reports in text and graph formats, which can be saved as files on the disk or can be delivered through email at scheduled intervals. You can customize any of the Active Directory, Group Policy or File Server Modification Reports to create a customized report suited to your requirements. You can also create real-time alerts that can be sent as emails, as updates to Radar Tab and as notifications to the LepideAuditor App.

Chapter IV – Articles 25 (1) (Data Protection by Design and by Default) and 32 (1) (Security of Processing)

This section requires organizations to have proper mechanisms in place for the protection of data in the IT environment. Auditing of accesses made to data, user permissions and of user activities on the computers or servers will inevitably help you secure your data. You will gain full visibility into who is trying to log on to a critical computer, access a mailbox, read an important file or delete files. LepideAuditor audits all changes made in permissions, accesses made to data and user activities on the different computers and servers. Any unauthorized change or access is brought to the notice of intended recipients through email or push-notifications to the LepideAuditor App.

Chapter IV – Article 25 (2) – Data Protection by Design and by Default

This section requires organizations to maintain accesses made to data. Only authorized and relevant users should be able to access data. Organizations must implement access privileges in their IT environment and monitor accesses made to personal data. LepideAuditor audits user permission changes in Active Directory, Exchange Server, SharePoint, SQL Server, Windows File Server and NetApp Filers. It also monitors accesses made to data stored in File Server, SharePoint and SQL Server. Alerts in real-time are sent through email to selected recipients or through notifications to the LepideAuditor App once an unauthorized access or unwanted change in permission is detected.

Find out more about how Lepide can help you meet GDPR compliance with our full mapping guide

View PDF
Want to see the award-winning LepideAuditor in action? Schedule a Demo

Read all reviews

Read all stories

More from Lepide

Insider Threats Don’t Apply to Me…Do They?

Despite being responsible for around 30% of all cybercrime, insider threats don’t seem to get the same attention when it comes to security budgets as preventing external attacks.

Learn More ->
Popular Cyber Attack Methods and How to Mitigate Them

This White Paper will go through some of the most popular cyber-attack methods attackers are using and the steps you can take to mitigate the risks of you falling victim to them.

Learn More ->
LepideAuditor 18.7 – Analyze Your Excessive Permissions

The latest version of the award-winning LepideAuditor now enables you to analyze users and objects with excessive permissions to help you avoid privilege abuse.

Learn More ->

Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All trademarks acknowledged.