GDPR Compliance Management Software

Teramind for GDPR can ensure data is processed lawfully and not exfiltrated to unauthorized systems and mediums. Data classification can be set to identify personal data and then policies and rules can be created using advanced OCR and fingerprinting features to detect and restrict access to such data automatically.

Article 9 lays out further requirements for special categories of personal data. For example, Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health.

Teramind for GDPR features built-in classifications for health-related data such as DNA profiles, National Health Services numbers, disease and drug names, and more. Custom data types can be created for your unique needs.

With Teramind Privileged User Monitoring, you can conduct threat analysis, forensic investigation, and security auditing. The privileged user access monitoring tools also have complete session recording, metadata analysis, and immutable logging features.

Finally, extend your privileged user security coverage with built-in integration. Security information, event management (SIEM), and threat analytics systems are all included in privileged access monitoring.

Teramind for GDPR can ensure data is processed only in the context it is required to be processed. Monitoring settings can be configured to only record the necessary information. For example, keystrokes or screen capture can be disabled when a user enters their personal banking site or personal emails.

Organizations can implement Teramind for GDPR with specific monitoring features and recording of events only at policy violations, narrowing the scope of user activity recording and ensuring a privacy-friendly implementation. ​ Administrators’ privileges can be limited with tiered access to only​ view ​specific sets of data. Custom alerts and prompts can be set up to inform users what data is collected and allow them to acknowledge any action being taken

GDPR requires organizations to maintain an up-to-date record of the locations and usage of personal information and product/demonstrate safeguards used to protect the data. This could be information in files, databases, email, unstructured data, backups, DMS, knowledge bases, or anything else that houses data.

Teramind for GDPR can help the Controller and the CDO identify this information and record who’s accessing what data, how the data is flowing through the organization and then create perimeter rules to safeguard their access or usage

Part of Article 32 states that the Controller and the Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Teramind for GDPR is well suited to help implement many of these security requirements. For example: implement access profiles for each staff, restrict or block sharing of encrypted content, limit use of FTP/Cloud sharing sites, prevent the viewing of sensitive data by employees, prevent unauthorized decryption operations on files and more

Teramind for GDPR can provide full forensics with respect to a data incident, and a video recording of the event. Detailed alert reports can be exported including any security incidents and what actions were taken in minutes superseding the 72 hour limit set by GDPR. Session recordings and history playback can be used to provide proof for further forensic investigation.

Some key responsibilities of the DPO is advising the Controller on various GDPR initiatives and monitor the effectiveness of the compliance measures and identify any risk associated with data processing operations.

To help the DPO with their role, Teramind for GDPR has a role-based access management system ensuring that both internal and external users are monitored and audited properly. Additionally, there’s a Risk dashboard that identifies policies, rules, personnel and system objects that are at risk.

Teramind for GDPR monitors all employee, contractor and third-party vendor activity including file access, apps and website usage and all other interactions within the local, network or Cloud environments. Business etiquette rules can be created to train the users about nonconformity and influence corrective behavior.