The European Union General Data Protection Regulation (GDPR) gives EU individuals more control over their personal data, but it also compels organizations to apply stronger security and privacy controls when storing or processing that data. Unfortunately, no single tool makes an organization fully compliant with the GDPR. There is, however, an array of tools that can help.
One such tool is a Security Information and Event Management (SIEM) system, which plays an important role in GDPR compliance. SIEM adoption has increased dramatically over the last few years: complex compliance regimes such as PCI DSS and HIPAA demand advanced threat monitoring and log management, and SIEM has become the go-to choice of information security professionals for meeting them.
SIEM also aligns well with several GDPR requirements. Article 30 (records of processing activities) and Article 32 (security of processing) in particular require that organizations:
- maintain a record of their processing activities;
- document the kind of data being processed;
- define the purpose of the processing;
- document the parties with whom the data is shared;
- set the data retention limits for the processed data; and
- ensure proper security measures are taken to protect the data.
A SIEM can become the central point for log collection and analysis. It correlates system logs and network telemetry and, once configured properly, looks for malicious behavior and anomalous system activity, alerting your team to security incidents before they become an impactful data breach. An impactful data breach and the serious fines that follow it are ultimately what you want to avoid under the GDPR.
At the same time, the data captured within the SIEM can itself contain personal data. It is therefore important to understand both the opportunities and the risks of using a SIEM for GDPR compliance.
How SIEM Helps with GDPR Compliance
Implementing a SIEM and configuring it to identify security incidents in your network helps demonstrate that your organization has proper security controls in place for handling EU subject data. Beyond that, SIEM detection rules and reports can be mapped directly to specific GDPR requirements, and the SIEM lets your analysts detect, prevent, and investigate a potential data breach quickly. In the SANS Institute's '2017 Data Protection Survey,' the analysts reported that SIEM and log data are the sources relied on most to determine the root cause of a data breach.
When reporting an impactful data breach to the supervisory authority (Article 33 requires notification without undue delay and, where feasible, within 72 hours of becoming aware of it), you need to provide detailed information on the scope of the breach – what data was accessed and affected, and what the risk is to EU data subjects. Many of the answers to these questions can be found within your SIEM.
Another area where the GDPR and SIEM go together is the "right to be forgotten" (right to erasure) under Article 17. Organizations need a mechanism to delete personal data, and also to prove that it was deleted if a supervisory authority asks. The log events from the batch deletion job can be pulled from the SIEM to validate that the deletion ran, and the SIEM's audit trail can also show who accessed the data and when it was processed. The more evidence you can show to supervisory authorities the better, with one caveat: the deletion evidence should record what was deleted by record identifier, timestamp and operator, not by repeating the erased personal data, or the SIEM itself becomes another copy you are obliged to erase. The SIEM then becomes the centralized location for managing these GDPR compliance requests and for handling breach reporting during the incident response process.
Be Mindful of Personal Data Within Log Processing
Any information that identifies a person in the EU – first name, last name, email address, IP address, and so on – can be in scope as "personal data" under the GDPR. When processing log and network data, your SIEM will hold this data, and that creates its own GDPR exposure. To mitigate the risk, an organization can use pseudonymization and/or encryption, the two measures Article 32 names explicitly. Pseudonymization reduces the risk that stored data can be attributed to a specific person; encryption at the very least protects the data while it is stored.
Personal data in a log can be separated and pseudonymized so that it is only accessible when needed. When data is pseudonymized, the sensitive value is replaced with a token that cannot be attributed to the data subject without additional information (the key or mapping table), and that additional information must be kept separately, under its own access controls. With encryption, data on endpoints can be protected through full disk encryption and its status monitored through SIEM alerts. Data in backups and storage infrastructure can also be encrypted, and the SIEM can track access to those locations and alert on attempts to move that data out of the network. Lastly, some SIEM tools include pseudonymization or data masking capabilities, which is another reason to consider the SIEM as the platform for managing and monitoring GDPR compliance.
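The pseudonymization described above, as an added example that is not from the original article: a keyed scrubber run over log lines before they are shipped to the SIEM. The log lines, field names, identifier patterns and key are all constructed for the demo. The HMAC key stands in for the separately held "additional information" of Article 4(5): whoever only has the SIEM's copy of the logs cannot reverse the tokens or brute-force the small IPv4 space, while the key holder can still answer a subject access or erasure request by recomputing a subject's token and searching for it, without keeping a mapping table.

```python
"""Pseudonymize personal data in log lines before they reach the SIEM.

Added example, not code from the original article. Assumptions: logs are
plain text; the identifiers worth masking are e-mail and IPv4 addresses;
the HMAC key lives outside the SIEM (KMS/HSM) and is the only way to link
a token back to a person.
"""
import hashlib
import hmac
import ipaddress
import re
from typing import Iterable, List

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


class Pseudonymizer:
    """Replaces identifiers with keyed, deterministic tokens.

    Deterministic, so the SIEM can still correlate all events of one subject;
    keyed (HMAC-SHA256), so an attacker who steals the logs cannot enumerate
    IPv4 addresses or a dictionary of e-mail addresses to undo the masking.
    """

    def __init__(self, key: bytes, token_bytes: int = 8) -> None:
        if len(key) < 32:
            raise ValueError("use a key of at least 32 bytes from a secrets manager")
        self._key = key
        self._token_hex = token_bytes * 2

    def token(self, kind: str, value: str) -> str:
        # Domain-separate by kind so an e-mail and an IP can never collide.
        mac = hmac.new(self._key, f"{kind}:{value}".encode(), hashlib.sha256)
        return f"{kind}-{mac.hexdigest()[: self._token_hex]}"

    def _ipv4(self, match: re.Match) -> str:
        raw = match.group(0)
        try:
            ip = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw  # matched the pattern but is not an address (e.g. 999.1.1.1)
        if ip.is_loopback or ip.is_unspecified:
            return raw  # identifies no person; keep it for troubleshooting
        return self.token("ip", str(ip))

    def pseudonymize_line(self, line: str) -> str:
        # E-mails are lower-cased first so Jane@Example.com and jane@example.com
        # yield one token; IPv4 literals are handled afterwards.
        line = EMAIL_RE.sub(lambda m: self.token("email", m.group(0).lower()), line)
        return IPV4_RE.sub(self._ipv4, line)

    def pseudonymize(self, lines: Iterable[str]) -> List[str]:
        return [self.pseudonymize_line(line) for line in lines]

    def events_for(self, lines: Iterable[str], kind: str, value: str) -> List[str]:
        """Authorized re-identification for a subject access or erasure request:
        the key holder recomputes the token and searches; no mapping table exists."""
        if kind == "email":
            value = value.lower()
        needle = self.token(kind, value)
        return [line for line in lines if needle in line]


# Constructed sample log lines (not real data) for the demo below.
SAMPLE_LOGS = [
    "2024-05-02T10:14:03Z sshd[412]: Accepted publickey for jane from 203.0.113.7 port 51234",
    "2024-05-02T10:14:09Z webapp: login ok user=Jane.Doe@example.com src=203.0.113.7",
    "2024-05-02T10:15:44Z webapp: password reset requested for jane.doe@example.com from 198.51.100.23",
    "2024-05-02T10:16:00Z healthcheck: probe from 127.0.0.1 ok",
]

DEMO_KEY = b"\x00" * 32  # placeholder only; real deployments fetch the key from a KMS/HSM


def demo() -> List[str]:
    """Scrub the constructed sample and return what would be shipped to the SIEM."""
    return Pseudonymizer(DEMO_KEY).pseudonymize(SAMPLE_LOGS)


if __name__ == "__main__":
    for scrubbed in demo():
        print(scrubbed)
```

Two design points worth noting. Pattern-based scrubbing only catches what it is told to look for: the bare username "jane" in the sshd line survives untouched, so structured logs should be scrubbed field by field from their schema rather than by regex alone. And because the tokens are keyed, rotating the key breaks correlation across the rotation boundary; plan rotation around your retention windows and keep old keys available, under the same access controls, for as long as logs tokenized with them are retained.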
Overall, a SIEM can be a valuable tool for safeguarding data within your organization. Keep in mind that it is not an end-all solution for GDPR compliance, but it can certainly address some of the distinct requirements for appropriate technical and security controls under the GDPR.