Considerations for GDPR readiness

Learn how Personal Identification Information (PII) data gets stored on your Guardium system, and how to manage this.

Policy Builder
If Log full details is selected in your Policy Rule Actions in the Policy Builder, Guardium logs data for each separate request, with unmasked values. Depending on the type of traffic being examined, it could contain PII. For more information, see: Rule actions
Inspection Engine
If Inspect return data is selected in the Inspection Engine configuration, data from the traffic, including result sets, is returned to the Guardium collector. Depending on the type of traffic being examined, it could contain PII.

Follow these deployment guidelines for GDPR readiness:

Encryption
If you need to configure Policy Rule Actions to Log full details or Inspection Engines to Inspect Return Data, consider encrypting the disks in the appliances. For more information, see: How to partition with an encrypted LVM.
Purge Intervals
Guardium may capture debug information that could contain PII if the database traffic that triggered the exception contained PII. Guardium admins can purge data by setting the purge interval via the GUI purge panel or the CLI command store purge objects age. For more information, see: Enabling and disabling the Investigation Dashboard.
The default for several of these items can be viewed using the CLI complementary command, show purge objects age (see https://www.ibm.com/docs/en/guardium/latest?topic=commands-configuration-control-cli). Interval is defined as number of days.
SQL Masking
Guardium may capture PII if a SQL query that contains PII fails. For more information, see https://www.ibm.com/support/pages/node/743197 to learn about masking logging exceptions.