The GDPR effective date is less than seven months away and the stakes are high. GDPR non-compliance penalties have the potential to be quite significant (up to 79 times higher than existing guidelines), and GDPR applies to any organization of any size that collects or processes personal data originating in the EU. The new rules and fines go into effect on May 25, 2018.
The problem is that many organizations:
- Don’t know where to start
- Don’t know where their data is
- Don’t recognize current security gaps
Organizations need to prepare by conducting comprehensive data inventory and discovery activities, analysis and identification of processes, and subsequent data risk assessments.
Imperva assists with GDPR compliance by offering services that identify known and unknown data stores across the organization, uncover what kind of critical or sensitive data may exist in those data stores, classify and map the data stores, and then provide delivery recommendations around what kind of controls should be in place. We also operationalize that process so those controls can be maintained on an ongoing basis within the organization.
Imperva Database Discovery and Analysis (dDnA) and Project Discovery and Analysis (pDnA) services map to four major data protection-related GDPR articles that will have significant impact on organizations (Figure 1).
Figure 1: Imperva professional services map to four major data protection-related GDPR articles—Article 5, Article 25, Article 35 and Article 83
Database Discovery and Analysis
Our dDnA services discover and classify known and unknown database assets, and provide a proven way to identify and classify data to enable compliance to frameworks, standards and regulatory requirements like GDPR.
The dDnA approach:
- Identifies database assets
- Identifies data owner(s)
- Identifies custodian(s)
- Provides information classifications
- Delivers control recommendations
dDnA deliverables include sample reports (Figure 2) and flow analyses (Figure 3) similar to the below, which help with ongoing compliance tracking and maintenance. Imperva reports show the data found and maps the data flow throughout the organization.
Figure 2: dDnA deliverable includes a sample report showing risk values and potential business impacts.
Figure 3: dDnA services provide customers with data flow analysis that tracks how data moves in and out of various systems as well as controls that are in place.
Project Discovery and Analysis
Imperva pDnA services define IT security projects by focusing on project benefits, scope, risks, budgets and timetables.
The pDnA approach:
- Builds solution credibility
- Identifies customer key objectives, requirements and critical success factors
- Defines the overall approach and delivery strategy
- Delivers a high-level solution design
- Identifies key stakeholders and creates a project team
- Understands use cases and data application protection business strategy
pDnA services map GDPR requirements and the controls within the data environment itself to a maturity model that shows where the organization needs to be in order to meet compliance. Customers are provided with a final implementation map (Figure 4).
Figure 4: Example of a pDnA services implementation map.
The two solutions combine to deliver a project methodology that’s flexible and adaptive to your organization’s operational governance, process and policies.
Contact us to learn more about Imperva’s GDPR compliance capabilities and explore our data security solutions in detail.