If you answered ‘yes’ to either of these questions, you’ve probably heard of the European Union’s General Data Protection Regulation (GDPR). GDPR is a regulation that protects and empowers the information integrity of European citizens. It gives citizens of European Union countries discretion over how their personal data may or may not be used, processed or shared. In addition, GDPR demands stringent compliance, with offenders facing steep financial penalties (up to €20 million or 4% of the worldwide annual revenue of the prior financial year, whichever is higher).
Specific articles under GDPR’s Compliance Guidelines pose challenges to organizations leveraging PeopleSoft:
“The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and purposes, recipients, time period…”
“In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.”
“The controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.”
Time to Establish your GDPR Compliance Plan:
No matter where your organization resides in the world, if you handle any information for EU citizens, you must take steps to ensure your compliance. As stated above, non-compliance penalties are severe.
The larger the volume of PII, the more complex compliance gets. Since GDPR enforcement begins this May, organizations must already be moving toward a compliance plan. If you are behind, or are still evaluating your next move, consider these three steps:
Establishing standards and guidelines around data access is key:
You can start by identifying, managing and tagging safe access locations. To establish compliance without compromising the convenience of mobility, you can identify devices and establish multi-factor authentication so that PII cannot be easily accessed. These controls are not native to PeopleSoft.
Enhancing how you monitor and log access is key:
Your PeopleSoft environment automatically captures and logs system access information at a broad level. This lets you go back and examine the details after a data breach occurs, but under GDPR (where you have to report a breach within 72 hours) that is not an ideal approach. Since no one is constantly monitoring your security log, by the time you notice the breach it might already be too late. Even with good intentions, you could run out of time before you are even made aware of a threat.
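The two points above (tagging safe locations and devices, and monitoring access logs continuously rather than reading them after the fact) can be combined into a simple screening routine. The following is an added example, not GreyHeller or PeopleSoft code: the pipe-delimited log format, the field names, the network ranges, the device names and the page names are all constructed for illustration. It evaluates each access to a PII-bearing page against a location allowlist, a registered-device list and an MFA flag, and computes the 72-hour notification deadline from the first finding so that the clock starts when the alert fires rather than when someone happens to read the log.

```python
"""Continuous screening of access-log lines for PII access policy violations.

Added example; not GreyHeller or PeopleSoft code. The log format, field names,
networks, devices and page names below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed policy: networks tagged as safe access locations.
SAFE_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.50.0/24")]
# Constructed policy: devices that have been identified and registered.
REGISTERED_DEVICES = {"LAPTOP-HR01", "LAPTOP-HR02"}
# Constructed list of application pages that expose personal data.
PII_PAGES = {"PERSONAL_DATA", "PAYROLL_BANK_ACCT"}

# Constructed sample log: timestamp|user|source ip|device|page|mfa flag
SAMPLE_LOG = [
    "2018-03-01T08:15:00|hr_admin|10.2.3.4|LAPTOP-HR01|PERSONAL_DATA|mfa=yes",
    "2018-03-01T08:20:00|hr_admin|203.0.113.7|LAPTOP-HR01|PERSONAL_DATA|mfa=yes",
    "2018-03-01T09:02:00|contractor|10.9.9.9|UNKNOWN-PC|PAYROLL_BANK_ACCT|mfa=no",
    "2018-03-01T09:10:00|hr_admin|203.0.113.7|LAPTOP-HR01|HOME_PAGE|mfa=no",
]


@dataclass
class AccessEvent:
    ts: datetime
    user: str
    src_ip: str
    device: str
    page: str
    mfa: bool


def parse_line(line):
    """Parse one constructed pipe-delimited log line into an AccessEvent."""
    ts, user, ip, device, page, mfa = line.strip().split("|")
    return AccessEvent(datetime.fromisoformat(ts), user, ip, device, page,
                       mfa == "mfa=yes")


def is_safe_location(ip):
    """True when the source address falls inside a tagged safe network."""
    addr = ip_address(ip)
    return any(addr in net for net in SAFE_NETWORKS)


def evaluate(event):
    """Return policy findings for one event; an empty list means compliant.

    Only accesses to PII-bearing pages are policed; other pages pass through.
    """
    findings = []
    if event.page not in PII_PAGES:
        return findings
    if not is_safe_location(event.src_ip):
        findings.append("pii_access_from_unapproved_location")
    if event.device not in REGISTERED_DEVICES:
        findings.append("pii_access_from_unregistered_device")
    if not event.mfa:
        findings.append("pii_access_without_mfa")
    return findings


def screen_log(lines):
    """Return (timestamp, user, finding) tuples for every violation found."""
    return [(e.ts, e.user, f) for e in map(parse_line, lines) for f in evaluate(e)]


def notification_deadline(first_alert_ts, hours=72):
    """Supervisory-authority notification deadline measured from the alert."""
    return first_alert_ts + timedelta(hours=hours)


if __name__ == "__main__":
    alerts = screen_log(SAMPLE_LOG)
    for ts, user, finding in alerts:
        print(f"{ts.isoformat()} {user}: {finding}")
    if alerts:
        print("notify by:", notification_deadline(alerts[0][0]).isoformat())
```

Because the check runs per event, it can be wired to a log tail or a scheduled job so that findings are raised as they happen; the same evaluate function also documents the access policy in one place, which is useful when answering a data-subject request about who accessed their records and from where.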
How GreyHeller Application Security Platform Can Solve these Challenges:
GreyHeller’s Application Security Platform enables you to overcome these challenges with multi-factor authentication, location- and privilege-based access control, enhanced logging, and intrusion response. By layering these controls within your PeopleSoft applications, you can ensure that the stringent articles of GDPR will not keep you up at night, because these contextually aware solutions are designed to give you maximum control over what data is accessed, by whom, and how it is used. In addition, the incident response capabilities keep you on top of potential threats and ready for compliance audits.
We are here to answer any questions you may have – Get a free security consultation for GDPR compliance today!