Strengthen Your SIEM And Be Ready For The GDPR

Security Matthias Maier

While many organisations have been preparing for the GDPR for months, some may only just be starting now. Others may even have the strategy to wait and see what might happen after 25th May, to observe reference cases and the level of predicted fines in practice. Whatever your company’s position is, I want to share two different views that should be urgently considered if you own a SIEM solution.

How your SIEM solution supports the GDPR compliance program of your organisation

Your SIEM plays an important role to fulfill many requirements that the GDPR asks for. For example, Article 32 requires your organisation to assess and evaluate the effectiveness of technical and organisational measures, ensuring the security of data processing. In addition to this, Article 33 is in place with the need for better scoping of incidents, identifying if an incident lead to a breach, how sensitive the disclosed data is, and what needs to be reported. However, there are also less obvious articles under the GDPR where your SIEM is the best solution to help you (e.g. Article 6,15-18, 21, 22, 28, 58 and 82).

Often it’s a challenge to translate the non-technical legal requirements into actionable items. To help with this, we have created the below materials. Within each is an interpretation of the law, what it means for an organisation's business, and what you should do about it:

Splunk GDPR reminder keyboard press

Don't break GDPR compliance with your SIEM

Whatever SIEM solution you operate, it is highly likely that personal information is captured in the log data such as phone numbers, email addresses, cookies, RFID’s, geolocation and more. If it can identify an individual in combination with other data, you must ensure that you’re not in breach of the GDPR compliance. To help give guidance on this, we have conducted detailed analysis on how you should treat your SIEM solution, and log data under the GDPR. We invited Freddy Dezeure, former head of CERT-EU, to provide advice on how to operate your SIEM in compliance with the GDPR:

Splunk GDPR reminder weak link

It’s important to get yourself and your SIEM solution ready, as the journey won’t end when the GDPR comes into effect. There’s a lot that we will all learn in the lead up to 25th May, and probably more so beyond.

Best

Matthias

Related Articles

Defending at Machine Speed: Splunk Advances the Agentic SOC
Security
5 Minute Read

Defending at Machine Speed: Splunk Advances the Agentic SOC

Splunk is extending agentic security capabilities across the SOC to help teams build detections, codify procedures, prioritize alerts, analyze threats, and scale response.
Stop Configuration Outages Before They Start
Security
5 Minute Read

Stop Configuration Outages Before They Start

Learn how a decoupled, multi-cloud validation pipeline eliminates manual gatekeepers, secures cloud-native credentials, and drops configuration downtime to zero.
Reduce Operational Complexity with Splunk SOAR Logic Loops
Security
2 Minute Read

Reduce Operational Complexity with Splunk SOAR Logic Loops

Learn about the logic loops feature introduced in Splunk SOAR version 6.2 and how you can implement them in your own use cases and playbooks.