GDPR Compliance Guide
Recovery and investigation capabilities for endpoints.
Endpoints are data stores
While legal and compliance teams plan for meeting General Data Protection Regulation (GDPR) requirements, IT and security teams are tasked with determining what data stores contain personal or sensitive data and whether or not they have disaster recovery and breach notification capacities for each data store.
One data store that proves difficult to manage for GDPR compliance is the data residing on employees laptops and desktops. Data on endpoints can be a black hole for IT and security teams who have very limited visibility into the contents of employee files, making investigation and response to data exfiltration involving the endpoint complex and imprecise.
Stolen endpoint data could result in GDPR penalties
Fines costing $20 Million EUR or 4 percent of annual revenue are not just reserved for the most commonly discussed privacy provisions: the right to erasure and the right to portability. Any critical violation of GDPR can incur the same draconian fines. Failing to consider endpoints as a data store could create big risks for organizations doing business in the European Union (EU).
Organizations may have considered the need for disaster recovery and breach notification within 72 hours as the regulations affect customer relationship management (CRM) and point of sale systems. However, planning for endpoint data visibility is also essential for GDPR compliance. What constitutes a serious incident depends on the context of the data.
19 GDPR frequently asked questions
See file content and movement
Know when to report endpoint data leaks to GDPR supervisory authorities, and how to recover fast.
Data protection and visibility are essential pieces of an organization’s 72-hour breach response and compliance strategies—and these capabilities need to extend to endpoint devices. Code42 helps you investigate leaks and breaches in four ways:
- See user behavior in context: Identify trends in user behavior so you can pinpoint abnormal file movement.
- Assess high-risk data movement: See exactly where data is moving, and intervene early to prevent or minimize damage.
- Regain control of corporate IP: Secure your most valuable data assets to avoid both accidental and intentional data leaks.
- Remediate fast: Restore lost or stolen data so your business can get back to work right where it left off.
Spot risk sooner and respond as threats happen
Code42 reduces your time to respond from weeks to hours—by tracking data movement and monitoring the contents of end users’ files, you can pinpoint your exposure.
- Monitor cloud storage activity: See when files are transferred to personal cloud storage applications like Box, OneDrive, Google Drive, and Dropbox.
- Identify Removable Media: Know exactly which files are transferred to removable media devices such as USBs, external hard drives, or secure digital (SD) cards and get their serial numbers.
- View an audit trail of activity: Drill down into the details of high-risk movement with the context you need to take next steps: see file name, path and MD5 hash, when files were taken, and through which exact vector.
- Add context to exfiltration alerts: Network monitors can tell you something bad happened, Code42 tells you what user files were involved.
Interested in other security compliance use cases for Code42? Check out the Code42 Security Tools Overview.
What others say
“We have used Code42 to ensure data security and safety for current employees, and to access data from employees who are no longer with the company.”
– Wylie Hartwell, Senior Manager, End User IT Support at Black Knight Financial Services
Partnering to protect
“From the beginning, Code42 has been a great partner and helped customize a complex deployment for our company to protect our endpoint data.”
– Melanie Masterson, Threat Response Engineer, LendingClub
Recovering data for compliance
“We needed to recover data for compliance and Code42 provided us with a snapshot in time that could not be tampered with by the user.”
– IT Director, Medium Enterprise Professional Services Company
Understanding the value
“We use Code42 to protect data before a data migration or encryption project, to help in identifying which data existed on a lost or stolen machine, to secure data in the event of employee departures, to assist in legal holds and/or eDiscovery initiatives, and to help recover from ransomware.”
– Paul Calatayud, Chief Security Officer, SureScripts
Have more questions?
We are here to help.