General Data Protection Regulation (GDPR) Compliance
GDPR applies to any business operating in the European Union (EU), no matter where the organization is located. All sensitive, personal information relating to EU subjects must be stored securely and protected.


EU General Data Protection Regulation (GDPR): Are You Compliant?

When the General Data Protection Regulation (GDPR) went into effect on May 25, 2018, organizations worldwide became subject to new rules protecting the personal data of all EU citizens, independent of where that information is stored. Among them is the requirement to report all detected breaches involving this data to the relevant authorities within 72 hours. Failure to do so could result in a significant fine of up to €20 million or 4 percent of total annual sales, whichever is greater. Identifying which records containing personally identifiable information have been compromised, and how the breach occurred, in such a short timeframe can be problematic or even impossible without the right tools.

How to Build an EU GDPR Compliance Strategy

Observer offers two rich sources of data to address the regulatory reporting requirements of GDPR. The first is wire data captured and retained by GigaStor. When properly instrumented within the network infrastructure, GigaStor captures and analyzes every network conversation, much like a closed-circuit television (CCTV) camera. The secured wire data—encrypted within the GigaStor—is then available to reconstruct and review security issues quickly, in the context of all network traffic occurring before, during and after the event.

GigaFlow complements GigaStor wire data by intelligently stitching multiple sources of data (flow, SNMP, user identity, and session syslog) together into an enriched flow record. Doing so provides in-depth details on network device types, connectivity, traffic control, and usage patterns. Useful for troubleshooting performance issues, enriched flow records also enable IT teams to track, in real time or retrospectively, every single user, IP address, or MAC address, so that compromised assets can be identified quickly and simply.

Observer provides NetOps and SecOps teams a powerful single platform to collaborate on incident detection and remediation, and plays a significant role in demonstrating GDPR compliance.


Many organizations use Observer for network and application troubleshooting, but nearly half of customers also use it for real-time post-incident security investigations. This functionality is critical for GDPR compliance in three ways:

  • Pre-incident validation that the organization has taken enough steps to ensure its ability to investigate and report attack details to authorities within 72 hours, as well as the ability to verify successful remediation
  • Pre-incident discovery and mapping of the network infrastructure involved in supporting applications and services that collect, analyze and store personally identifiable information
  • Post-incident investigation that proves no assets or intellectual property were compromised, helps organizations identify or document what personal data was affected, and determines how access was achieved so that clean-up can be performed

Real-life GDPR Compliance Challenges

Given the pervasive nature of GDPR regulations—they apply to every EU citizen's personal data wherever it is stored or transmitted—the list of example compliance challenges is expansive:

  • A contractor based outside the EU, managing servers housing an EU customer database, inappropriately accesses that database
  • An outside phishing attack successfully penetrates the security perimeter

Observer is invaluable in facilitating GDPR compliance through powerful investigation capabilities. Each event's activities can be easily tracked, reconstructed, and analyzed to confirm the type of attack or action, while providing post-event forensics data on whether any assets were affected or compromised.

Ensure GDPR Compliance

GDPR regulations have forced significant changes in the way IT organizations capture, process, and store personal data. If data privacy isn't built into collection, storage and security processes by design, enterprises risk huge financial and reputational consequences.

While many of the requirements of the GDPR will require lengthy analysis and planning, there are several simple actions that can aid in the effort. The right performance and security monitoring solution—like Observer, with high-fidelity forensics and threat intelligence—can immediately expand situational awareness and visibility into events that may trigger violations of GDPR regulations.