General Data Protection Regulation (GDPR) Breach Reporting

GDPR applies to any business holding personal information relating to EU subjects, no matter where the organisation is located. This data must be stored securely and adequately protected.

When the EU General Data Protection Regulation (GDPR) goes into effect on 25th May 2018, organisations will have just 72 hours to report detected breaches to the relevant authorities. Failure to do so could result in a significant fine up to €10 million or 2 percent of total annual sales, whichever is greater. However, identifying which records have been compromised in such a short timeframe could prove impossible without the right tools.

IT security is a major business challenge that every organisation must address, and the scope of security threats continues to expand. Today external threats are a given, and insider threats are a growing concern as well, yet in the face of all this security teams are typically understaffed and often overwhelmed.

Not only can security breaches lead to lost revenue, a tarnished brand image, and customer churn, but under GDPR the liability for lost customer data is potentially immense and governmental and organisational regulatory requirements are formidable.

When a breach occurs, an organisation must be prepared to deliver quick answers to these five critical questions:

  • What was compromised, and what data was exposed?
  • Who was responsible for the vulnerability?
  • Who was responsible for the attack itself?
  • Has the breach been resolved?
  • Can the resolution be validated?

Security teams already have a multifaceted set of tools to detect and prevent breaches, but they won’t necessarily help them understand the full nature of an attack and the extent to which it was successful in compromising IT assets and sensitive data. And they can’t always validate that the breach has been resolved and the data secured.

Fortunately, network teams can close these gaps through packet-based monitoring tools that capture, store, and analyse vast amounts of network traffic. They can then hand these packets to the security team so that it can reconstruct network conversations. These network conversations can provide the most complete picture of what exactly happened when the security breach occurred, or provide vital evidence that an attack was unsuccessful.

[Figure missing: percentage] of enterprises use packet data in security incident investigations today, and another 30% would like to do so.

[Figure missing: percentage] of IT organisations store full packet captures for security investigations.

An Observer GigaStor appliance, part of the Observer Performance Management Platform, positioned inside the network near the firewall, captures, encrypts, and stores all your network traffic, just like a closed-circuit television (CCTV) camera captures everything that passes by it. This solution provides the critical post-event platform needed for your comprehensive GDPR compliance strategy.

The secured wire data is then available to reconstruct and review security issues quickly in the context of all network traffic occurring before, during and after the event. Network and security teams can collaboratively verify attack details and compromised data in accordance with the General Data Protection Regulation.

While many organisations use the Observer Platform primarily for network and application troubleshooting, nearly half of customers also use the platform for post-incident network security forensics investigations. This functionality is critical for GDPR compliance in three ways:

  • Pre-incident validation that the organisation has taken sufficient steps to ensure its ability to investigate and report attack details to authorities within 72 hours, as well as the ability to verify successful remediation.
  • Pre-incident discovery and mapping of network infrastructure involved in supporting applications and services collecting, analysing and storing personally identifiable information.
  • Post-incident investigation with the Observer Platform and its captured data can prove that no information was compromised, and can help organisations identify and document what data was affected, how access was achieved, and whether intellectual property was compromised.

The forthcoming GDPR legislation will drive significant changes in the way organisations process personal data. If data privacy isn’t built into collection, storage and security processes by design, enterprises risk severe financial and reputational consequences.

While many of the requirements of the GDPR will require lengthy analysis and planning, the Observer Platform can be implemented immediately. As you implement strategies to become compliant with the GDPR, an effective network performance monitoring solution with robust security forensics will do much more than simply cover your assets.

Start the process to become compliant with the General Data Protection Regulation today by downloading this helpful white paper and learn more about how the Observer Platform can provide your organisation with key capabilities for GDPR compliance.

“IT operations teams must leverage network forensic evidence collected by NPMD solutions to help security operations teams solve difficult security problems”

Gartner Research