GDPR SIEM Requirements

Ertugrul Akbas
Dec 31, 2019

According to article 30 of the regulation, a data controller must maintain records of the processing activities for any data that is under the controller's responsibility. This means there must be a solution in place to monitor the processing activities related to personal data, whether the processed data is stored in on-premises environments or in a cloud system. (Council Regulation (EU) 2016/679 2016: 50–51.)

While most of the systems used to process the data generate the necessary audit logs by default, there may be multiple distinct systems that process or store personal data. In larger environments, a log management system therefore provides the tools needed to collect and properly store the generated log files in one place.

A centralized log management system, properly secured, also helps organizations fulfil the requirements of article 32, which requires organizations to implement security measures appropriate to the risks involved. (Council Regulation (EU) 2016/679 2016: 51–52.)

In some situations, the log files can be deleted at the original source once they have been shipped forward, which in turn reduces the risk of leaking personal information through log files left behind on the source server.

The regulation requires that personal data must not be stored for longer than necessary. For every log file that contains personal data, there must therefore be a pre-defined retention period after which the data is deleted. The length of retention depends on the situation, and the regulation does not define it exactly, but it should be long enough to ensure that potential security breaches can be investigated thoroughly. (Council Regulation (EU) 2016/679 2016: 7.)

SIEM solutions can also be used to pseudonymize log files when there is no need to include certain information, such as IP addresses or login names, in log files that are used for something else, such as monitoring the overall usage patterns of an information system. By duplicating events, the original log files can be stored in a separate index to be used in case a security breach is detected, effectively sealing the personal information for later legitimate use without exposing it to persons who are not authorized to process it.
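The two mechanisms described above, a retention deadline on logs that contain personal data and pseudonymization with event duplication into a sealed index, can be sketched in a small ingestion pipeline. The code below is an added example and is not part of the original article nor of any SIEM product; the log lines, the index names `auth-analytics` and `auth-sealed`, the function names and the `PEPPER` key are all constructed for illustration. Tokens are keyed HMACs, so the same user or address yields the same token (usage patterns remain analysable) while nobody without the key can reverse them.

```python
import hmac
import hashlib
import re
from datetime import date, timedelta

# Constructed sample auth log lines; not taken from any real system.
SAMPLE_LOG = [
    "2019-12-31T10:15:02Z sshd[2211]: Accepted password for alice from 192.0.2.10 port 51022",
    "2019-12-31T10:15:09Z sshd[2211]: Failed password for bob from 198.51.100.7 port 40110",
    "2019-12-31T10:16:44Z sshd[2214]: Accepted publickey for alice from 192.0.2.10 port 51030",
]

# Hypothetical pepper. In a real deployment it lives in a secrets manager and is
# access-controlled, because whoever holds it can re-link tokens to the originals.
PEPPER = b"constructed-demo-key-rotate-me"

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_RE = re.compile(r"\bfor (\S+) from\b")


def pseudonym(value: str, key: bytes, prefix: str) -> str:
    """Keyed HMAC-SHA256 token: stable under one key, unlinkable without it."""
    digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{prefix}_{digest[:16]}"


def pseudonymize_line(line: str, key: bytes) -> str:
    """Replace login names and IPv4 addresses with tokens; everything else is kept."""
    line = USER_RE.sub(lambda m: f"for {pseudonym(m.group(1), key, 'user')} from", line)
    return IPV4_RE.sub(lambda m: pseudonym(m.group(0), key, "ip"), line)


def route_event(line: str, key: bytes, retention_days: int, ingest_date: str):
    """Event duplication: a pseudonymized copy for analytics and a sealed original
    copy carrying the date after which it must be deleted (ISO dates as strings)."""
    ingested = date.fromisoformat(ingest_date)
    analytics = {"index": "auth-analytics", "message": pseudonymize_line(line, key)}
    sealed = {
        "index": "auth-sealed",
        "message": line,
        "delete_after": (ingested + timedelta(days=retention_days)).isoformat(),
    }
    return analytics, sealed


def route_events(lines, key: bytes, retention_days: int, ingest_date: str):
    """Route a batch of lines; returns (analytics_index, sealed_index)."""
    analytics_index, sealed_index = [], []
    for line in lines:
        analytics, sealed = route_event(line, key, retention_days, ingest_date)
        analytics_index.append(analytics)
        sealed_index.append(sealed)
    return analytics_index, sealed_index


def purge_expired(sealed_index, today: str):
    """Retention enforcement: keep only sealed events whose deadline has not passed."""
    return [e for e in sealed_index if e["delete_after"] >= today]


if __name__ == "__main__":
    analytics, sealed = route_events(SAMPLE_LOG, PEPPER, 90, "2019-12-31")
    for event in analytics:
        print(event["index"], event["message"])
    print("sealed events remaining on 2020-03-31:",
          len(purge_expired(sealed, "2020-03-31")))
```

The analytics index is the one opened up to operations and usage reporting; the sealed index should sit behind the stricter access controls the article calls for in article 32 terms, and its `delete_after` field is what a scheduled purge job checks so that the retention period from the previous paragraph is actually enforced rather than documented.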

As article 33 of the regulation also requires the data controller to notify the supervisory authority of a security breach that affects personal data, there needs to be a system in place that can monitor for and detect possible security breaches in a timely manner. (Council Regulation (EU) 2016/679 2016: 52.)

Originally published at https://www.peerlyst.com on December 31, 2019.
