
General Data Protection Regulation (GDPR) Compliance Automation

Various countries and regions are adopting big data compliance regulations to protect their citizens, and the General Data Protection Regulation (GDPR) is the latest instance of this trend. The European Union (EU) has issued legislation focusing on the right to privacy of personal data while still maintaining breach security and incident response objectives. From the first iteration of the Articles, the rigorous rules immediately affect businesses processing EU personal data through enforcement of data subject rights and fines for non-compliance. GDPR replaces the Data Protection Directive 96/46 previously enforced by EU countries. To empower the Data Protection Officer (DPO), a new role required by GDPR, the organization needs to revamp its security standards, policies, and procedures so that the rights of the data subject are integrated into these components. LogRhythm has integrated our SIEM technology, advanced analytics, and real-time alarms to assist the organization and the DPO in the pursuit of GDPR compliance.

GDPR Specific Terminology

Automated Decision Making: The predictive processing or strategic analysis of personal data to anticipate subject behaviour (profiling).

Breach Notification: The specific reporting requirements for a breach, which must be reported to the Supervisory Authority without undue delay and no later than 72 hours after becoming aware of the breach. Communication of the breach to the Data Subject is required if the anticipated impact may result in a high risk to the rights and freedoms of the natural person. This communication should also include the required breach information and the appropriate remediation actions to be taken.

Binding Corporate Rules (BCRs): Personal data protection policies, established by the Member State around the transfer of personal data, that must be adhered to by Data Controllers or Processors.

Data Controller: The organization that defines the scope, purpose, and methods of processing personal data.

Data Processor: The organization that undertakes processing as contracted by the Data Controller.

Data Protection Authority: The national authority tasked with the protection of data and privacy through monitoring and enforcement of regulations established within the EU.

Data Protection Impact Assessment: A risk-based assessment methodology used to determine which of an organization's systems and business processes may be exposed to risk in the absence of mitigating controls.

Data Protection Officer: A new position created for an individual appointed within the organization to independently ensure adherence to the policies and procedures set forth by GDPR.

Data Subject: A natural person whose data is being processed by a data controller or processor.

Privacy Impact Assessment: An analysis tool for assessing an organization's exposure to privacy risks based on its processing of personal data and the policies put in place to protect that data.

Pseudonymization: A procedure in which most identifying fields within a data record are replaced by one or more artificial identifiers.

Right to Access: The data subject's right to access or receive information about the personal data that a data controller or processor is utilizing (Subject Access Rights).

Right to Rectify: The data subject's right to have inaccurate personal data corrected without undue delay by the data controller or processor.
