GDPR: Don’t Forget the Right to be Forgotten
There is much involved in being compliant with GDPR that many IT pros do not always think about. A critical flaw in GDPR, in fact one of the foundations of GDPR, is the right to be forgotten. “How can I forget you, if I do not know precisely who you are and what you did while you were here?” asked CoreView solution architect Matt Smith. “I cannot forget those things unless I have a record of what you did.”
Fortunately, with CoreView, not only do you know who ‘Joe User’ is, but in the CoreView system, that user has a unique serial number that is stored and used as an account ID. If that ‘Joe User’ leaves and a new user with the same name starts later, IT will know which ‘Joe User’ performed a particular action or was the owner of this particular file. That is because all the actions of both Joe Users are tracked and audited. Without CoreView, all that information goes away as soon as IT deletes Joe User and is not stored externally in an audit log, the way CoreView does.
“You cannot be GDPR compliant unless you capture and store that kind of information. How do I apply compliance regulations that say I have to be able to notify people when there is a breach – and at the same time, be able to forget somebody when they file their right to be forgotten?” Smith asked.
That is a deep pain point that requires a deep solution. Fortunately, CoreView tracks and stores all this information for admins and end users. On the admin side, for instance, CoreView can produce a report in seconds of every single administrative action an IT staffer has taken on the Office 365 platform since they started. End users are tracked in a similar way. “Why can’t I do that in Office 365 Admin Center? A bank teller can tell you every single check they have cashed, exactly how much money came in for deposits, and how much money went out. Banks keep those logs for seven years due to banking regulations. However, Office 365 shops using the native Admin Center cannot tell today exactly what administrators did in the platform – and yet CoreView can,” Smith explained.
Learn More About Doing GDPR Right
Ace your GDPR compliance test with a personalized CoreScan demo.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.