This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Larry_Birch
Contributor
‎2020-09-25 08:47 AM

GDPR - Right to forget

Currently doing a GDPR course, am running Identity Awareness, and wondering how I would handle a request to forget in my logs.  My associates in Europe must have run across this already....what have you done?  Thank you in advance.

0 Kudos
1 Reply
_Val_
Admin
Admin
‎2020-09-28 01:05 AM

In essence, this is legal question, not a technical one. But there are some things that you can address with tech means.

1. Configure  admin profiles with hiding user identities for regular admin accounts. Configure another emergency profile with full permissions. Only use emergency profile in case of escalated security breach.

2. Configure reasonable log rotation and destruction policy. Mind, certain regulations require you to keep log history for an extended period of time. 

3. Consult with lawyers. Right to forget only applies to specific cases and is not absolute. You are allowed to keep security logs for specific purposes, under condition user identities are not available by default. This depends on your business and industry data. Legal counsel here is a must. 


Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events