Strengthen Your SIEM And Be Ready For The GDPR

While many organisations have been preparing for the GDPR for months, some may only just be starting now. Others may even have the strategy to wait and see what might happen after 25th May, to observe reference cases and the level of predicted fines in practice. Whatever your company’s position is, I want to share two different views that should be urgently considered if you own a SIEM solution.

How your SIEM solution supports the GDPR compliance program of your organisation

Your SIEM plays an important role to fulfill many requirements that the GDPR asks for. For example, Article 32 requires your organisation to assess and evaluate the effectiveness of technical and organisational measures, ensuring the security of data processing. In addition to this, Article 33 is in place with the need for better scoping of incidents, identifying if an incident lead to a breach, how sensitive the disclosed data is, and what needs to be reported. However, there are also less obvious articles under the GDPR where your SIEM is the best solution to help you (e.g. Article 6,15-18, 21, 22, 28, 58 and 82).

Often it’s a challenge to translate the non-technical legal requirements into actionable items. To help with this, we have created the below materials. Within each is an interpretation of the law, what it means for an organisation's business, and what you should do about it:

• Whitepaper: How machine data supports GDPR compliance (DE | FR)

• Splunk Security Essentials App - GDPR Use Case

Don't break GDPR compliance with your SIEM

Whatever SIEM solution you operate, it is highly likely that personal information is captured in the log data such as phone numbers, email addresses, cookies, RFID’s, geolocation and more. If it can identify an individual in combination with other data, you must ensure that you’re not in breach of the GDPR compliance. To help give guidance on this, we have conducted detailed analysis on how you should treat your SIEM solution, and log data under the GDPR. We invited Freddy Dezeure, former head of CERT-EU, to provide advice on how to operate your SIEM in compliance with the GDPR:

• White Paper: A Layman’s Guide on How to Operate Your SIEM Under the GDPR (DE | FR)

• Webinar with ISC2: GDPR Compliance - Don’t Let Your SIEM Be Your Downfall

It’s important to get yourself and your SIEM solution ready, as the journey won’t end when the GDPR comes into effect. There’s a lot that we will all learn in the lead up to 25th May, and probably more so beyond.

Best

Matthias