GDPR

Regulation governing lawful processing, rights and controls for personal data.

GDPR is the regulation that governs processing of personal data. It applies to any system or service that collects, stores or uses identifiable personal information.

Operationally it creates requirements around lawful bases, data subject rights, retention and records of processing. It drives technical and procedural changes: enforcing access controls, minimising data, retaining and deleting records, and reporting breaches where required.

GDPR: access and security controls

Requirements for restricting access, managing privileges and enforcing authentication and authorisation to protect personal data under GDPR.

WALLIX PAM

Centralises privileged credential management and enforces controls over administrative access.

PAM360

Automates privileged password rotation and enforces access policies for administrative accounts.

AD360

Provides centralised authentication, MFA and access controls for directory and cloud identities.

uniqkey

Stores credentials in an encrypted vault and centralises access control and sharing.

Specops Password Policy

Enforces password rules and breached-password checks to prevent weak credentials and reduce account risk.

ADSelfService Plus

Provides self-service password reset and MFA to improve authentication and reduce account support.

GDPR audit evidence and records

Gather and keep logs, reports and records that show processing, access and security controls to support GDPR audits.

ADAudit Plus

Records AD and Windows events to provide searchable audit trails for investigations and audits.

MOVEit Transfer

Provides detailed transfer logs and tamper-evident records to support compliance audits.

MOVEit Cloud

Maintains audit logs and access records for transfers and stored files for compliance.

MOVEit Automation

Records automated transfer activity and maintains logs to provide evidence for audits.

NetWrix Auditor

Collects and stores tamper-evident audit records of configuration and user activity for audits.

AD360

Captures provisioning and access events to create audit records for user lifecycle and access changes.

PAM360

Records discovery and session events to provide auditable trails of privileged activity.

WALLIX PAM

Provides session recording and audit trails of privileged activity to support regulatory evidence.

Netwrix Endpoint Protector

Records endpoint transfer events and maintains logs for investigation and audit purposes.

M365 Manager Plus

Collects Microsoft 365 activity and configuration logs to support auditing and incident investigation.

GDPR: data protection, classification and handling

Controls for protecting, classifying, transferring and retaining personal data under GDPR.

MOVEit Transfer

Encrypts, controls and logs file transfers to protect personal data during transit.

Netwrix Data Classification

Discovers and labels sensitive personal data to support classification and controlled handling.

Netwrix Endpoint Protector

Controls endpoint data transfers and enforces policies to prevent unauthorised exfiltration of personal data.

MOVEit Automation

Automates secure, policy-driven file movement to ensure protected handling of personal data.

MOVEit Cloud

Cloud-hosted secure storage and encrypted transfer to protect personal data.

GDPR governance and compliance

Clarifies accountability, applicable policies and evidence required to demonstrate and record GDPR compliance.

CyberSmart

Provides policy management and controls monitoring to help demonstrate GDPR governance and compliance.

Where GDPR fits

GDPR touches identity services, application databases, backups, logs and integrations with third‑party processors. Any flow containing personal identifiers needs to be identified and assessed.

You must consider GDPR when choosing controls and designing data flows. That means being clear who is responsible, what access looks like, how long data is kept and what contractual or technical controls exist with suppliers.

Discuss your GDPR approach

Speak to a specialist