Considerations for GDPR readiness
This document provides information about Guardium® Data Security Center features that you should consider to help your organization with GDPR readiness.
This information is not an exhaustive list, because of the many ways that customers can choose and configure features and the large variety of ways that the product or its modules can be used on their own and with third-party applications and systems.
Customers are responsible for ensuring their own readiness for the laws and regulations, including the European Union General Data Protection Regulation. Customers are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the customers' business, and any actions the customers might need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein are not suitable for all customer situations and might have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products will ensure that customers are ready for any law or regulation.
- Policy Builder
  - If Log full details is selected in your Policy Rule Actions in the Policy Builder, Guardium logs data for each separate request, with unmasked values. Depending on the type of traffic being examined, it could contain PII.
- Inspection Engine
  - If Inspect return data is selected in the Inspection Engine configuration in IBM Guardium Data Protection, data from the traffic, including result sets, is returned to the Guardium collector and could be forwarded to Guardium Data Security Center. Depending on the type of traffic being examined, it could contain PII.
- Encryption
  - Guardium Data Security Center captures content from data integrations and connections. All captured content is encrypted at rest and in transit.
- SQL masking
  - Guardium may capture PII if a SQL query that contains PII fails.
    To mask exception data captured directly in IBM Guardium Data Security Center SaaS, update your Sniffer, Risk Events, and connection settings. For more information, see Managing tenant settings.
    To learn about masking logging exceptions in IBM Guardium Data Protection before they are sent to IBM Guardium Data Security Center SaaS, see https://www.ibm.com/support/pages/node/743197.
- Purge Intervals
  - IBM Guardium Data Protection may capture debug information that could contain PII if the database traffic that triggered the exception contained PII. Admins can purge data by setting the purge interval on IBM Guardium Data Protection via the GUI purge panel or the CLI command store purge objects age. For more information, see: Enabling and disabling the Investigation Dashboard.
    The default for several of these items can be viewed using IBM Guardium Data Protection's complementary CLI command, show purge objects age (see https://www.ibm.com/docs/en/guardium/latest?topic=commands-configuration-control-cli). The interval is defined as a number of days.