Four Letter Words: SIEM & GDPR: [the GDPR Series (7)]

Summary: SIEM solutions are not only a growing segment of the technology market but, through GDPR implementation, companies will use SIEM as a tool for security and compliance.

• Security Information and Event Management (SIEM) solution is an emerging tool to comply with various articles of GDPR.
• SIEM tool takes system logs, network information and behaviour analysis and creates one central point of collection, systemizing the data flow for companies.
• SIEM points out the occurrence of incidents that could have led to breach, thereby, simplifying the notification process.

Article excerpts from my forthcoming book – 99 Articles on the GDPR

The goal of the GDPR is not only to allow EU citizens to have great control over their personal data but also to create more intelligent technology, greater flexibility with the flow of information and greater levels of security for organizations. The regulation has caused certain solutions to come to the forefront as necessary for an organization. While there is no one solution that will help you to fully comply with the GDPR, there are certain tools that are needed to more effectively manage data.

One such tool is the Security Information and Event Management (SIEM) solution. A SIEM tool takes system logs, network information and behavior analysis and creates one central point of collection, analysis. SIEM can sit on the edge of your network or specific data systems so a company can then better process data flow from the point of instantiation. The data that passes through SIEM solutions can monitor behavior and system activity. Many SIEM vendors have implemented forms of machine learning, artificial intelligence and other types of automation to help with data flows. The automation of data collection and processing is how SIEM can be very useful for the GDPR.

SIEM helps to enforce data security policies while also helping with clauses of the GDPR that relate to data collection and processing methods. There are a number of ways a company can use SIEM tools within the context of the GDPR. The relevant clauses are Articles 25(1) and (2), 32(1)(b) and 33. However, there are also less obvious articles under the GDPR where SIEM can help(e.g. Article 6,15-18, 21, 22, 28, 58 and 82).

There are many uses for SIEM in security in the GDPR. Article 33 speaks to the “Notification of a personal data breach to the supervisory authority”. So you can see how SIEM would help to be see where incidents occurred and whether that may have lead to a breach and what kind of data was taken.

However, through the GDPR, the solution is gaining traction as a compliance tool as well. For example, Article 32(1)(b) requires an organization maintain ongoing confidentiality, integrity, availability, access, and resilience of processing systems and services. SIEM solutions monitor, log and report on data structure changes. To comply with this clause, the company could show compliance auditors that changes to the database can be traced to accepted change tickets based on SIEM reports.

SIEM is an intelligence system. As having too much siloed information is almost as bad as having no information on an attack at all. The SIEM solution gives you the ability to gain visibility and control so that you have the power to act and to demonstrate to EU authorities that you have acted – or can act if called upon. The need to translate GDPR requirements to IT security policies is evident but with the use of solutions like SIEM, becoming compliant certainly becomes easier.