The EU General Data Protection Regulation (GDPR) came into force in May 2018, affecting all organizations doing business in the EU, regardless of where the organization operates. This affects every type of company from small online stores to very large enterprises.

By now everyone knows this, we hope. But let’s have a little recap before sharing some updates.

Europe’s General Data Protection Regulation (GDPR) is considered one of the toughest privacy and security laws in the world. Its primary focus is to protect personal information. This includes the obvious – names, contact details and financial information – but also elements you may not have considered, such as IP addresses.

The law allows independent Data Protection Authorities (DPAs) to impose fines on organizations that are in breach of it. These governing bodies represent the citizens of their own country and include:

  • Information Commissioner’s Office (UK)
  • Data Protection Commission (Ireland)
  • Commission Nationale Informatique & Libertés (France)

There are two tiers of administrative fines that can be levied as penalties for non-compliance, depending on the articles deemed to be infringed:

  • Up to €10 million, or 2% of annual global turnover – whichever is higher.
  • Up to €20 million, or 4% of annual global turnover – whichever is higher.

Some of the biggest factors that influence the size of a fine are the nature and duration of the infringement, whether it was intentional or negligent, and the behavior of the organization once it became aware of the infringement.

These fines regularly amount to millions of euros. Penalties have increased year over year: in 2021 Amazon was fined €746 million, and in 2023 Meta was fined a record €1.2 billion.

Meta’s penalty related to the transfer of European users’ Facebook data to the United States without sufficient protection. The European Data Protection Board (EDPB) found that Meta IE’s infringement was very serious because it concerned transfers that were systematic, repetitive and continuous.

The European Data Protection Board is a European Union independent body whose purpose is to ensure consistent application of the General Data Protection Regulation and to promote cooperation among the EU’s data protection authorities.

In July 2023 the European Commission proposed additional laws to streamline cooperation between data protection authorities (DPAs) when enforcing the GDPR.

For businesses, the new rules clarify their due process rights when a DPA investigates a potential breach of the GDPR. The rules are intended to allow for swifter resolution of cases and more legal certainty for businesses.

The new regulation provides detailed rules to support the smooth functioning of the cooperation and consistency mechanism established by the GDPR, harmonizing rules in the following areas:

  • Rights of complainants: The proposal harmonizes the requirements for a cross-border complaint to be admissible, removing the current obstacles brought by DPAs following different rules. It establishes common rights for complainants to be heard in cases where their complaints are fully or partially rejected. In cases where a complaint is investigated, the proposal specifies rules for them to be properly involved.
  • Rights of parties under investigation (controllers and processors): The proposal provides the parties under investigation with the right to be heard at key stages in the procedure, including during dispute resolution by the European Data Protection Board (EDPB), and clarifies the content of the administrative file and the parties’ rights of access to the file.
  • Streamlining cooperation and dispute resolution: Under the proposal, DPAs will be able to provide their views early on in investigations and make use of all the tools of cooperation provided by the GDPR, such as joint investigations and mutual assistance. These provisions will enhance DPAs’ influence over cross-border cases, facilitate early consensus-building in the investigation, and reduce later disagreements. The proposal specifies detailed rules to facilitate the swift completion of the GDPR’s dispute resolution mechanism and provides common deadlines for cross-border cooperation and dispute resolution.

The Commission’s updates do not affect any substantial elements of the GDPR, such as the rights of data subjects, the obligations of data controllers and processors, or the lawful grounds for processing personal data as set by the GDPR.

GDPR Requirements

The various articles of the GDPR place great demands on organizations to install robust data protection principles, processes, procedures, tools and technologies – and also to be able to demonstrate the actions that they have taken in the event of a data breach.

Within the network and IT management space, Article 32, “Security of processing”, is especially relevant.

Among other things, Article 32 of the GDPR demands that organizations:

  • Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • Are able to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Instigate a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

Unlike some regulatory requirements, it does not give a prescriptive checklist of things to do.

Article 32 of the GDPR requires any organization processing the personal data of individuals from the European Union (EU) to put safeguards in place to ensure data protection. These safeguards can include both physical and technical measures.

For IT and security teams, GDPR Article 32, Security of Processing, is where they should focus.

How ScienceLogic Can Help

It is of utmost importance for organizations to build a comprehensive understanding of their systems, with a complete inventory of assets in a business service context. This lets you understand what assets you have and where personal data is stored and processed, so that teams can assess how important each asset is for compliance.

Combining this with continuous observability and automation of repetitive, programmatic processes – such as audits and configuration backups – is vital to ensuring that decision making, recovery and the demonstration of compliance are fast, accurate and fully documented.

ScienceLogic Restorepoint helps fulfil the GDPR’s criteria and requirements. It ensures that recovery from outages is as quick and straightforward as possible, and it also delivers comprehensive auditing of system configurations for compliance purposes.

Restorepoint’s compliance engine provides continual visibility of compliance status by automatically detecting configuration changes and tracking them against configuration policies and baselines, without intrusive network scans.