Professional Services for GDPR Compliance

The GDPR effective date is less than seven months away and the stakes are high. GDPR non-compliance penalties have the potential to be quite significant (up to 79 times higher than existing guidelines), and GDPR applies to any organization of any size that collects or processes personal data originating in the EU. The new rules and fines go into effect on May 25, 2018.

The problem is that many organizations:

  • Don’t know where to start
  • Don’t know where their data is
  • Don’t recognize current security gaps

Organizations need to prepare by conducting comprehensive data inventory and discovery activities, analysis and identification of processes, and subsequent data risk assessments.

GDPR Assistance

Imperva assists with GDPR compliance by offering services that identify known and unknown data stores across the organization, uncover what kind of critical or sensitive data may exist in those data stores, classify and map the data stores, and then provide delivery recommendations around what kind of controls should be in place. We also operationalize that process so those controls can be maintained on an ongoing basis within the organization.

Imperva Database Discovery and Analysis (dDnA) and Project Discovery and Analysis (pDnA) services map to four major data protection-related GDPR articles that will have significant impact on organizations (Figure 1).

Figure 1: Imperva professional services map to four major data protection-related GDPR articles—Article 5, Article 25, Article 35 and Article 83

Database Discovery and Analysis

Our dDnA services discover and classify known and unknown database assets, and provide a proven way to identify and classify data to enable compliance with frameworks, standards and regulatory requirements like GDPR.

The dDnA approach:

  • Identifies database assets
  • Identifies data owner(s)
  • Identifies custodian(s)
  • Provides information classifications
  • Delivers control recommendations

dDnA deliverables include sample reports (Figure 2) and flow analyses (Figure 3) similar to those below, which help with ongoing compliance tracking and maintenance. Imperva reports show the data found and map the data flow throughout the organization.

Figure 2: dDnA deliverable includes a sample report showing risk values and potential business impacts.

Figure 3: dDnA services provide customers with data flow analysis that tracks how data moves in and out of various systems as well as controls that are in place.

Project Discovery and Analysis

Imperva pDnA services define IT security projects by focusing on project benefits, scope, risks, budgets and timetables.

The pDnA approach:

  • Builds solution credibility
  • Identifies customer key objectives, requirements and critical success factors
  • Defines the overall approach and delivery strategy
  • Delivers a high-level solution design
  • Identifies key stakeholders and creates a project team
  • Understands use cases and data application protection business strategy

pDnA services map GDPR requirements and the controls within the data environment itself to a maturity model that shows where the organization needs to be in order to meet compliance. Customers are provided with a final implementation map (Figure 4).

Figure 4: Example of a pDnA services implementation map.

The two solutions combine to deliver a project methodology that’s flexible and adaptive to your organization’s operational governance, process and policies.

Contact us to learn more about Imperva’s GDPR compliance capabilities and explore our data security solutions in detail.

 


Source: imperva
