The GDPR requires that organizations exhibit commitment to individuals’ data privacy by implementing a data protection by design and by default approach, meaning organizations need to build privacy and protection into their products, services, and applications. GDPR also mandates that organizations create and maintain a detailed inventory of personal data. To meet this requirement, you first need to determine whether sensitive information resides in your databases and, if so, what type of sensitive data they hold.
Identify Sensitive Data for GDPR with Classifier
Imperva’s free data classification tool, Classifier, can jump-start your efforts toward GDPR compliance. Containing more than 250 search rules for common enterprise databases such as Oracle, Microsoft SQL, SAP Sybase, IBM DB2 and MySQL, Classifier allows you to quickly uncover sensitive data in your database.
The Classifier tool can locate various data types by default, including the following categories (and more):
- Credit card numbers
- Person name (first name, last name, given name, etc.)
- Email address
- Business name (dealers, franchisee, payer, etc.)
- Financial number (account number, mortgage account, savings account, etc.)
- Access credentials (password, PIN, etc.)
- Payroll (annual rate, hourly rate, salary, etc.)
- Phone number (home, work, mobile, etc.)
It also tells you how much sensitive data the database contains and the ratio of total sensitive data. You can even drill down into details of a specific category, including row counts associated with each schema, table and column identified by the scan (see Figure 2 below).
Install the Tool and Run a Scan
It only takes a few minutes to install the tool. After that, all you have to do is assign a database, run a Classifier scan, and get a summary of sensitive data in that database. This blog post will walk you through the steps.
The scan time may vary based on the size of the database, but since Classifier searches metadata, it typically runs quickly. Regardless of which operating system your database is running on—Windows, Mac, or Linux—Classifier can rapidly identify sensitive data.
Figure 1: Classifier provides an executive summary dashboard that displays the sensitive data found in your database, as well as data classification details and statistics.
Figure 2: Drill down into Classification Details to find the table, column, and row count associated with a specific sensitive data category.
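The metadata-driven approach described above (match rules against column names, then report row counts per table and column) can be sketched as follows. This is an added example, not Imperva's code or Classifier's actual rules: the keyword rules, the in-memory SQLite database standing in for an enterprise database, and the sample schema are all constructed assumptions.

```python
import re
import sqlite3

# Hypothetical rules, constructed for this example: category -> keywords
# looked for as whole words in column NAMES only (no row data is read).
RULES = {
    "Credit card numbers": ["credit card", "card number", "cc num"],
    "Person name": ["first name", "last name", "given name"],
    "Email address": ["email", "e mail"],
    "Access credentials": ["password", "passwd", "pin"],
    "Payroll": ["salary", "hourly rate", "annual rate"],
    "Phone number": ["phone", "mobile"],
}

def classify_column(name):
    # Split snake_case / camelCase into lowercase words; None if no rule matches.
    words = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", name)
    words = re.sub(r"[^A-Za-z0-9]+", " ", words).lower()
    for category, keywords in RULES.items():
        if any(re.search(rf"\b{re.escape(k)}\b", words) for k in keywords):
            return category

def scan(conn):
    # Classify columns from catalog metadata; COUNT(*) only tables with a hit.
    findings = []
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall():
        quoted = '"' + table.replace('"', '""') + '"'
        cols = [row[1] for row in conn.execute(f"PRAGMA table_info({quoted})")]
        hits = [(c, classify_column(c)) for c in cols]
        if any(cat for _, cat in hits):
            rows = conn.execute(f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
            findings += [(cat, table, c, rows) for c, cat in hits if cat]
    return sorted(findings)

def demo_db():
    # Constructed sample schema and rows, held in memory.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, firstName TEXT, email_address TEXT, mailing_list TEXT);
        CREATE TABLE staff (id INTEGER, user_pin TEXT, annual_rate REAL, shipping_notes TEXT);
        CREATE TABLE parts (sku TEXT, description TEXT);
        INSERT INTO customers VALUES (1,'A','a@example.com','x'),(2,'B','b@example.com','y');
        INSERT INTO staff VALUES (1,'0000',50000.0,'n/a');
    """)
    return conn

if __name__ == "__main__":
    for cat, table, col, rows in scan(demo_db()):
        print(f"{cat:20} {table}.{col:15} rows={rows}")
```

Because only names are matched, a sensitive column with an uninformative name (for example `field7`) is missed, so name-based findings are a starting inventory rather than a complete one.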
Determine Systems Scope for GDPR
There are a few more key requirements in the GDPR that pertain to data security, including:
- Article 32 — Security of processing: Implement appropriate technical and organizational security controls to protect personal data against accidental or unlawful loss, destruction, alteration, access or disclosure
- Article 33 — Notification of data breaches to the appropriate regulator: 72-hour notification to Data Protection Authority following discovery of data breach, and notification to affected individuals
- Article 35 — Data protection impact assessment: Assessment of the purpose, scope and risk associated with processing personal data
- Article 44 — General principle for data transfer: Permit transfers only to entities in compliance with GDPR regulation
However, none of these requirements can be truly fulfilled unless you have visibility into your databases. Knowing what sensitive data lives in which databases helps determine what systems are in scope for the GDPR. Once you have the answers to what and where sensitive data lives, you can then decide how to handle it within your organization.
For example, you can deploy solutions to monitor who is accessing sensitive data and exactly when, de-identify sensitive data in nonproduction and outsourced environments via data masking techniques, and control user access rights, including cross-border data access. But first, you must find the sensitive data in your databases.
Additional GDPR Resources
Classifier jump-starts you on your road to GDPR compliance as well as data security. If you haven’t already done so, download and install Classifier today.
Imperva also offers a number of additional resources to help as you plan for GDPR compliance:
- Infographic: Get Going with Your GDPR Plan
- Solution Brief: Five Ways Imperva Helps You with GDPR Compliance
- eBook: CISOs Guide – Steps for Securing Data to Comply with the GDPR