GDPR Article 25: Data Protection by Design and by Default

The General Data Protection Regulation (GDPR) Audit reports provide documentation and compliance artifacts that help you demonstrate compliance with requirements outlined by GDPR.

The GDPR Article 25: Data Protection by Design and by Default report describes and provides access to features in the Alert Logic console that help demonstrate compliance with GDPR Article 25.

To access the GDPR Article 25: Data Protection by Design and by Default report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under GDPR Audit, click VIEW.
  4. Click GDPR Article 25: Data Protection by Design and by Default.

The report summary page displays two columns. Requirements lists each requirement from the selected GDPR Article. Available Documentation and Artifacts describes and contains links to the documentation and compliance artifacts that this report can generate to meet each requirement listed by the GDPR Article.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available documentation and artifacts

This report provides documentation and artifacts that help you demonstrate that policies and procedures are implemented to protect data by design and by default.

Requirements 1 and 2

Requirement 1 of GDPR Article 25 requires the integration of safeguards and data-protection principles at the time of determination of the means of processing and at the time of processing to protect the rights of data subjects.

Requirement 2 of GDPR Article 25 requires that, by default, only personal data which are necessary for each specific purpose of the processing are processed. This obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. By default, personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.

This section provides you with the following links for quick access to appropriate pages in the Alert Logic console:

  • The Deployments page, where you can Manage Vulnerability Scan Schedules for the deployments in your environments to detect software and application vulnerabilities, risky configurations, and systems with encryption issues.
  • The Health console, where you can check the status of your networks monitored by the Network IDS to identify potential threat activity including data exfiltration, brute force, privilege escalations, and command and control exploits.
  • The Health console, where you can check the status of your agent configuration for log management collection, which supports analysis for indicators of compromise and suspicious behaviors, and supports incident response forensics.
  • The Alert Logic Managed Web Application Firewall (WAF) configuration page, where you can Configure Alert Logic Managed Web Application Firewall (WAF) to block dozens of web application attack classifications.
  • The Deployments page, where you can configure File Integrity Monitoring to change how you monitor specific file paths.
  • The Extended Endpoint Protection configuration page, where you can Manage Endpoints and review the protection status, anti-malware software version status, and last check-in time for Windows and macOS endpoints in your environment.

Requirement 3

Requirement 3 of GDPR Article 25 states that an approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate compliance with the requirements.

Alert Logic does not provide data for this requirement.