Take the time to identify all sensitive data when starting your GDPR compliance project.
Companies need to know which data is relevant under GDPR, which systems contain those types of data, and which databases have specific combinations of sensitive data that place them at a higher risk.
Keep data subjects’ personal data separate from the rest of your enterprise’s data. Auditing user access, data modification and deletion, and managing permissions to personal data are all easier when that data is isolated from the rest.
Grant access only to those who are authorized to process the data. Keep an eye on the privileges being granted. Establish proper measures to monitor permission grants, privilege escalations, and user activity on the storage system where the personal data is kept.
The focus of the GDPR audit is to determine whether the organisation has implemented adequate policies and procedures to regulate the processing of personal data.
Additionally, the review will verify that those policies and procedures provide for monitoring of personal data processing, and for identifying and controlling the risks that could lead to data breaches.
Collect and analyze logs from perimeter systems such as firewalls, WAFs, and web proxies.
Correlate them with logs from endpoint systems such as antivirus.
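As an added example (not part of the original page), the correlation just described over constructed web-proxy and antivirus log lines: an antivirus detection on a host is joined with that host's perimeter traffic from the preceding minutes, so the analyst sees the outbound destination alongside the alert instead of looking it up by hand. The log formats and host names are assumptions made for the example.

```python
"""Correlate perimeter (web proxy) logs with endpoint antivirus logs by host and time."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log lines: timestamp, client host, destination, action.
PROXY_LOG = """\
2024-05-01T09:58:10Z host-a 203.0.113.10 ALLOW
2024-05-01T10:01:42Z host-b 198.51.100.7 ALLOW
2024-05-01T10:02:05Z host-a 203.0.113.10 ALLOW
2024-05-01T12:30:00Z host-c 192.0.2.20 BLOCK
"""

# Constructed sample antivirus log lines: timestamp, host, verdict, detection name.
AV_LOG = """\
2024-05-01T10:03:00Z host-a DETECTED Trojan.Generic
2024-05-01T13:00:00Z host-c DETECTED PUA.Toolbar
"""


def parse_lines(text):
    """Yield (timestamp, host, remaining fields) for each non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            ts, host, *rest = line.split()
            yield datetime.fromisoformat(ts.replace("Z", "+00:00")), host, rest


def correlate(proxy_text, av_text, window_minutes=10):
    """Return {host: [(av_time, detection_name, [destinations])]} for every AV
    detection that is preceded, within the window, by perimeter traffic from
    the same host. Hosts with no traffic in the window are not reported."""
    proxy_by_host = defaultdict(list)
    for ts, host, (dest, _action) in parse_lines(proxy_text):
        proxy_by_host[host].append((ts, dest))
    window = timedelta(minutes=window_minutes)
    findings = {}
    for av_ts, host, (_verdict, name) in parse_lines(av_text):
        # Destinations the host talked to in the minutes before the detection.
        related = sorted({d for ts, d in proxy_by_host[host]
                          if av_ts - window <= ts <= av_ts})
        if related:
            findings.setdefault(host, []).append((av_ts, name, related))
    return findings


if __name__ == "__main__":
    for host, hits in correlate(PROXY_LOG, AV_LOG).items():
        for av_ts, name, dests in hits:
            print(f"{av_ts.isoformat()} {host}: {name} after traffic to {dests}")
```

Only host-a is reported: its detection follows proxy traffic within ten minutes, while host-c's detection comes half an hour after its last perimeter entry.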
How can you quickly respond to a potential breach?
There are two ways to achieve fast incident response:
(1) shorten the time to identify illegitimate access to data, and
(2) reduce the time it takes to stop any violation of your security policies.