Overview

The EU General Data Protection Regulation (GDPR) came into force in May 2018, affecting all organizations based in, or doing business with, countries in the EU. The GDPR’s primary focus is to protect personal information. This includes the obvious – names, contact details and financial information – but also some elements you may not have considered – dates of birth and IP addresses.

The various articles of the GDPR place great demands on organizations to install robust data protection principles, processes, procedures, tools and technologies – and also to be able to demonstrate the actions that they have taken.

Restorepoint can help organizations manage their GDPR obligations and enable them to demonstrate compliance for GDPR audits.

GDPR Requirements

Confidentiality, integrity, availability and resilience

Article 32 of the GDPR demands that organizations ‘ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services’. By securing access to data throughout your organisation using Universal Console, one can both help to maintain data confidentiality, and ensure clear records of access to that data. These records are then available for any future GDPR audits.

Article 32 also requires that organizations are able to ‘restore the availability and access to personal data in a timely manner in the event of a physical or technical incident’. Restorepoint helps ensure that the processing systems and services underpinning the handling of personal data are highly available and resilient by centralizing the backup of network configurations from over 100 networks, security and storage vendors. With its simple one-click recovery process, Restorepoint can greatly speed up the restoration of services following an outage caused by hardware failure, unauthorized, or incorrect configuration changes. Unlike scripting solutions that require time and expertise to setup, Restorepoint can be deployed and be protecting the network within minutes helping organizations achieve GDPR compliance.

Testing and evaluation

Article 32 of the GDPR demands that organizations instigate a ‘process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing’. Here, once again, Restorepoint helps fulfil the GDPR’s criteria and requirements. It not only ensures that recovery from outages is as quick and straightforward as possible, but it also delivers comprehensive auditing of system configurations for compliance purposes.

Restorepoint's compliance engine provides continual visibility of compliance status by automatically detecting changes in configuration, tracking against configuration policies and baselines, without intrusive network scans.

Policies are easily created and applied to multiple network devices, with compliance analysis performed automatically each time a network device is backed-up. Alerts can be forwarded to SIEM products (syslog), monitoring platforms (SNMP), sent via Email, or retrieved via the API, for simple and effective GDPR compliance monitoring.

Benefits of Restorepoint

  • Outage prevention: Automate configuration backup and recovery. Supports hundreds of network, security and storage device types.
  • Recover from network device failure or configuration errors in seconds. 1-Click automated recovery allows even untrained engineers to restore service quickly.
  • Meet regulatory standards including PCI and GDPR that require secure access and encryption of configurations.
  • Save time with automated compliance auditing. Detect changes, analyse configurations for security weaknesses and to assess whether they meet internal or regulatory compliance standards.
  • API support for integration with SIEM, Monitoring or Change Control platforms.
Learn more about managing compliance with Restorepoint