The European Union's (EU) General Data Protection Regulation (GDPR) goes into effect May 25, 2018. Non-compliance comes with heavy fines. Learn about security and deployment best practices to get your Elasticsearch data compliant with GDPR guidelines.

Talk with an Elastic expert about getting GDPR-ready with the Elastic Stack.

New Get your Elasticsearch data on track to GDPR compliance. Watch Video

Get Your Elasticsearch Data GDPR Compliant

Whether you are using Elasticsearch for application search or as a centralized logging platform, there is a strong chance that you are dealing with data that is classified as personal data by GDPR guidelines, with strict requirements on how it's secured and processed.

Learn how you can use Elastic Stack and X-Pack features, from role-based access control to data encryption, to get your Elasticsearch data ready for GDPR.

Access Controls

Access Controls: Use X-Pack to implement role-based access control, down to the field level, to ensure that only authorized persons can access GDPR Personal Data in your Elasticsearch cluster.

Monitor access and breaches

Monitor Access and Breaches: Combine Elasticsearch audit and access logs with machine learning and alerting jobs to get proactive with access monitoring and breach detection.

Pseudonymization

Pseudonymization: Use Logstash fingerprint filter to replace personal data with hashed values.

Encryption

Encryption: Enable TLS / SSL (via X-Pack) to secure your data in transit from snooping and tampering.

Resilience and Disaster Recovery

Resilience and Disaster Recovery: Guard against loss of data with default index replication and horizontally scalable clustering.

Use the Elastic Stack to Get GDPR Compliant

GDPR mandates that you "shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk." One well-accepted technical measure that organizations take is the centralized logging and analysis of all security-related information.

Many organizations are using the Elastic Stack as their central security analytics platform for real-time analysis of security information at scale.

Logo - USAA

USAA secured their entire internal network and application portfolio. Learn More

Logo - Barclays

Barclays created a centralized security function to protect the global enterprise. Learn More

Logo - Slack

Slack built a defensive security program to monitor malicious activity. Learn More

Get Started on Your GDPR Journey

Get a comprehensive view of how Elastic can help on your journey to GDPR compliance with this white paper.

Download White Paper