GDPR Compliance and Elasticsearch
The European Union's (EU) General Data Protection Regulation (GDPR) is now in effect. Non-compliance comes with heavy fines. Learn about security and deployment best practices to get your Elasticsearch data compliant with GDPR guidelines.
Talk with an Elastic expert about getting GDPR-ready with the Elastic Stack.
NewImprove your security stance with FIPS 140-2 and Kerberos.Read More
Get Your Elasticsearch Data GDPR Compliant
Whether you are using Elasticsearch for application search or as a centralized logging platform, there is a strong chance that you are dealing with data that is classified as personal data by GDPR guidelines, with strict requirements on how it's secured and processed.
Learn how you can use Elastic Stack features, from role-based access control to data encryption, to get your Elasticsearch data ready for GDPR.
Access Controls: Implement role-based access control, down to the field level, to ensure that only authorized persons can access GDPR Personal Data in your Elasticsearch cluster.
Monitor Access and Breaches: Combine Elasticsearch audit and access logs with machine learning and alerting jobs to get proactive with access monitoring and breach detection.
Pseudonymization: Use Logstash fingerprint filter to replace personal data with hashed values.
Encryption: Enable TLS / SSL to secure your data in transit from snooping and tampering.
Resilience and Disaster Recovery: Guard against loss of data with default index replication and horizontally scalable clustering.
Use the Elastic Stack to Get GDPR Compliant
GDPR mandates that you "shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk." One well-accepted technical measure that organizations take is the centralized logging and analysis of all security-related information.
Many organizations are using the Elastic Stack as their central security analytics platform for real-time analysis of security information at scale.