Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
Strengthen Your SIEM And Be Ready For The GDPR
While many organisations have been preparing for the GDPR for months, some may only just be starting now. Others may even have the strategy to wait and see what might happen after 25th May, to observe reference cases and the level of predicted fines in practice. Whatever your company’s position is, I want to share two different views that should be urgently considered if you own a SIEM solution.
How your SIEM solution supports the GDPR compliance program of your organisation
Your SIEM plays an important role to fulfill many requirements that the GDPR asks for. For example, Article 32 requires your organisation to assess and evaluate the effectiveness of technical and organisational measures, ensuring the security of data processing. In addition to this, Article 33 is in place with the need for better scoping of incidents, identifying if an incident lead to a breach, how sensitive the disclosed data is, and what needs to be reported. However, there are also less obvious articles under the GDPR where your SIEM is the best solution to help you (e.g. Article 6,15-18, 21, 22, 28, 58 and 82).
Often it’s a challenge to translate the non-technical legal requirements into actionable items. To help with this, we have created the below materials. Within each is an interpretation of the law, what it means for an organisation's business, and what you should do about it:
Whitepaper: How machine data supports GDPR compliance (DE | FR)
Splunk Security Essentials App - GDPR Use Case
Don't break GDPR compliance with your SIEM
Whatever SIEM solution you operate, it is highly likely that personal information is captured in the log data such as phone numbers, email addresses, cookies, RFID’s, geolocation and more. If it can identify an individual in combination with other data, you must ensure that you’re not in breach of the GDPR compliance. To help give guidance on this, we have conducted detailed analysis on how you should treat your SIEM solution, and log data under the GDPR. We invited Freddy Dezeure, former head of CERT-EU, to provide advice on how to operate your SIEM in compliance with the GDPR:
White Paper: A Layman’s Guide on How to Operate Your SIEM Under the GDPR (DE | FR)
Webinar with ISC2: GDPR Compliance - Don’t Let Your SIEM Be Your Downfall
It’s important to get yourself and your SIEM solution ready, as the journey won’t end when the GDPR comes into effect. There’s a lot that we will all learn in the lead up to 25th May, and probably more so beyond.
Best
Matthias
Related Articles
About Splunk
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
