GDPR Data Inventory and Monitoring
How NADDIV Can Help You Meet GDPR Requirements
NADDIV automates data discovery for GDPR data inventory with unparalleled accuracy, and helps map all your relevant GDPR data, as defined by you. Once you know where all your sensitive data resides, your organization can start to identify and prioritize gaps in GDPR compliance. NADDIV’s automated persistent classification tags and protects each file according to its specific data classification. Monitor and audit user activity, detect and manage risky behavior of newly created and existing assets with the NADDIV dashboard. Automate notification and remediation actions to respond to DSAR (Data Subject Access Rights) requests and comply with Article 17, the right of erasure (“right to be forgotten”). Know your maximum exposure vs. what’s protected at any time — on premise and with third-party processors — before, during, and after the GDPR deadline.
GDPR Key features
NADDIV Helps Address the Following GDPR Requirements:
- Rec. 30, 64 – Creation of data inventory and map
- Arts. 4, 9 – Creation of data inventory and map
- Arts. 15, 16, 17 – Data subject’s right to access to their personal data and to correct and/or erase
- Art. 28 – Third party/vendor management
- Art. 30 – Record keeping
- Art. 32 – Information security
- Art. 33 – Breach notification
- Arts. 37, 38 – Data Protection Officer
Search everywhere and identify with zero false positives
- Reliable discovery results with industry leading accuracy and precision
- Searches local/shared/removable drives, cloud storage, e-mail servers, databases, web servers, SharePoint sites, Windows/Mac/Linux workstations, web sites and file servers.
- Searches within all file types, structured and unstructured – Office files, text, images, scanned images, e-mail messages and attachments, archives, deleted files, Outlook archives, and compressed files.
Classify results persistently to meet the GDPR
- Classifies sensitive data by category and priority to amplify the need for administrators and/or data owners to manage and protect results. Embed classifications directly into files.
Secure unprotected GDPR data
- Secures results using a file shredder (based on DoD standard), redaction, encryption, or quarantine to a safe location.
Monitor and manage GDPR data operations centrally
- Identifies unprotected results as compared to what employees have already secured for trending analysis.
- Notifies data owners automatically
- Empowers employees to sanitize their data environment and monitors their progress with automated alerts and notifications without the extra staff burden.
Make employees part of the GDPR process
- Give employees access to classification add-ons in popular collaboration suites such as MS Office and Adobe Acrobat.
Highly scalable, flexible and secure architecture
- Highly scalable, open architecture that accommodates the growth of staff, processes and information across the enterprise.
- Enables organizations to scale and grow by providing the ability to orchestrate administrative and compliance processes consistently and globally.
- Integrates with Active Directory to simplify policy designation and group reporting.
- Within an hour start seeing sensitive data results.
- Within a day create an inventory of sensitive data on all systems.
- Within a week implement a data loss prevention strategy for continuous data protection.
Accurate Data Discovery, Classification and Protection to meet the GDPR
Meeting PCI DSS Security Compliance Requirement Standards with NADDIV
Payment Card Industry Data Security Standards (PCI DSS) compliance mandates that all organizations that accept, acquire, transmit, process, or store cardholder data must take appropriate steps to continuously safeguard all sensitive customer information.
NADDIV provides PCI DSS security compliance solutions that secure and control enterprise data-at-rest, addressing critical portions of the PCI DSS 3.2 compliance control set for DSS Compliance Requirement 3: Protect stored cardholder data and Requirement 4: Encrypt transmission of cardholder data across open, public networks – while also supporting additional components of the PCI DSS compliance requirements. PCI DSS security compliance solutions address other requirements across multiple use cases within the PCI DSS 3.0 compliance requirements – automatically discovering and classifying unstructured files, structured databases as well as specific data or intellectual property within databases and files across traditional networks, cloud implementations and virtual environments.
NADDIV provides a solution to help organizations discover, classify, monitor and respond in order to meet multiple PCI DSS security compliance requirements under the standard, helping organizations meet PCI DSS 3.0 compliance requirements with an easy-to-deploy, centrally managed solution that integrates with your existing security infrastructure. NADDIV’s open APIs allow integrations with your existing DLP tools, encryption software, data-archiving and storage solutions offered by leading technology providers such as Symantec, Intel Security and others to help increase the benefits from existing spend on these data security solutions.
Meeting Data-at-Rest Discovery and Classification Requirements for HIPAA HITECH Act Compliance
HIPAA legislation requires Health Care providers, Health Plans, Health Care Clearinghouses, and those who carry out tasks on their behalf to handle personal healthcare data responsibly and securely.
Two key pieces of US Federal legislation define security compliance requirements for healthcare providers to protect data at rest:
HIPAA – The US Health Insurance Portability and Accountability Act (HIPAA) of 1996. The HIPAA Security Rule requires covered organizations to implement technical safeguards to protect all Electronic Personal Healthcare Information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information. The HIPAA Security Rule then goes on to set out numerous examples of HIPAA encryption methods which can be employed and the factors to consider when implementing and ensuring the success of a HIPAA encryption strategy. It also mandates that breaches of unsecured protected health information are reported.
HITECH – Health Information Technology for Economic and Clinical Health (HITECH) Act – enacted as a part of the American Recovery and Reinvestment Act (ARRA) of 2009. The HITECH Act then expands the compliance requirement set, requiring the disclosure of data breaches of “unprotected” (unencrypted) personal health records (PHR), including those by business associates, vendors and related entities. And finally, the “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.
NADDIV provides a solution to help organizations discover, classify, monitor and respond in order to meet HIPAA Security Rule and HITECH compliance requirements transparently – without changes to operational processes and the daily work of healthcare professionals. NADDIV provides technical safeguards to automatically identify and classify electronic protected health information with an easy-to-deploy, centrally managed solution that integrates with your existing security infrastructure. NADDIV’s open APIs allow integrations with your existing DLP tools, encryption software, data-archiving and storage solutions offered by leading technology providers such as Symantec, Intel Security and others to help increase the benefits from existing spend on these data security solutions.
Phone: 877.499.0949 | © 2018 NADDIV INC. | All Rights Reserved Worldwide.