GDPR requirements to monitor personal data access and modification
Article 30 of the General Data Protection Regulation (GDPR) covers “Records of processing activities”, and Article 32 covers technical measures. In this blog post, we focus on how StaffCounter can help you adhere to the broad requirements of Article 32 with the various monitoring and auditing tools offered by the solution.
GDPR logging requirements
The following technical strategies and technologies may help to form your GDPR compliance plan:
- Auditing of personal data access and modifications;
- Secure archiving of audit records;
StaffCounter supports the majority of the required process and technology changes, as it constantly monitors data access events and provides detailed real-time results on the what, where and when of suspicious activity involving personal data or unauthorized access. StaffCounter also lets you leverage data analysis and various reports to prioritize worrisome incidents. The detailed activity records provided by StaffCounter also let you monitor personal data modification events, so that data integrity can be tracked for digital forensics. This feature allows you to fulfill the “Records of processing activities” article.
Some of those scenarios can be handled at the low level of database entries, but where manual processing of personal data takes place, having it securely logged in a tamper-evident way gives further guarantees, and no regulator can claim that you back-dated or modified a record. Management can drill down into sequences of manual personal data access to better understand and analyze data access patterns.
StaffCounter is a fully automated employee activity monitoring system that lets you know how your employees access and modify sensitive data on a computer. StaffCounter tracks data access events and creates detailed audit records for secure archival. We offer StaffCounter as SaaS or as an on-premise installation.