The introduction of GDPR demands stringent compliance by all organizations that store and maintain databases containing EU citizen data. Specific articles under GDPR’s Compliance Guidelines pose challenges to organizations housing EU citizen data in their PeopleSoft systems:
Article 15 “The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and purposes, recipients, time period…”
Article 33 “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.”
Challenges with meeting these articles:
- PeopleSoft captures access information but not granular activity level data. In the event of an audit, these logs will not provide the data necessary to demonstrate compliance.
- An unmonitored security log may report a failed login or malicious activity, but it might be days or even months before you find out.
How we solve it
GreyHeller’s Application Security Platform enables you to meet these specific GDPR requirements and address the challenges of knowing how your data is being accessed and by whom, and of ensuring all malicious activity can be efficiently discovered.
- Application Security Platform limits access to personal data and ensures that security is enforced to the level appropriate to risk.
- With Application Security Platform’s enhanced logging capabilities, an organization will have all of the data at its fingertips to meet all audit and compliance requirements – specifically Article 15.