Personal Data Handling
The FortiEDR system fully complies with the General Data Protection Regulation (GDPR) standard. The GDPR is a regulation in European Union (EU) law regarding data protection and privacy for all individuals within the EU and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The goal of the GDPR is primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR standard requires that all relevant data for an employee of a company that is using the FortiEDR system or a FortiEDR user be removed from the FortiEDR system, once he/she no longer has access to or uses the FortiEDR system.
In FortiEDR, the GDPR feature is implemented in the Personal Data Handling area of the Tools window.
To fully comply with the GDPR standard, the employee’s/user’s device name, IP address, MAC address and user name must all be totally removed from the FortiEDR system. This data is deleted from FortiEDR in real time, from everywhere that it appears in the FortiEDR system (for example, from the Inventory, Event Viewer, Audit Trail and so on).
The GDPR regulation obligates you to notify your users, should the FortiEDR system be hacked. You can use the Export report of monitored users button to export the list of monitored users in the FortiEDR system. This action exports a report such as the one shown below:
To remove employee/user data from the FortiEDR system for GDPR compliance:
1. Uninstall the Collector from the employee’s/user’s computer. This step is important, so that no further data is collected from that Collector. For more details about uninstalling, see page 55.
Note – Be sure to do this for all the employee’s/user’s computers on which Collectors are installed.
2. Click the TOOLS link in the left pane.
3. In the Personal Data Handling area you must specify the device name, IP address, MAC address and user name of the employee/user to be removed from FortiEDR.
Note – If the employee/user has multiple computers on which Collectors are installed, you must repeat the steps below for each of his/her computers.
Removing an employee/user for GDPR compliance requires an iterative process in FortiEDR that must be performed four times, in order to remove the device name, IP address, MAC address and user name of the employee/user successively, one after another. You can remove this data in any order that you prefer. For the purpose of example, we will start by removing all Device name data for the employee/user.
IMPORTANT – You can remove the device name, IP address, MAC address and user name of the employee/user from FortiEDR in any order that you prefer. However, you must remove all device name, IP address, MAC address and user name data from FortiEDR in order to fully comply with the GDPR standard.
4. In the Search by dropdown list, select Device name. This field determines which criterion to search for in the FortiEDR system (device name, IP address, MAC address or user name).
5. In the adjacent field, enter the device name for the employee/user whose data you want to remove.
You can copy/paste this information into the adjacent field after locating it elsewhere in the FortiEDR user interface. For example, you can locate the relevant device name in the Last Logged column in the Collectors list in the Inventory window, such as shown below, and then copy that value into the relevant field in the Personal Data Handling area. Similarly, you can also readily locate the MAC address and IP address using the Collectors list in the Inventory window.
In a similar manner, you can locate the user name in the Event Viewer, and then copy/paste that information into the adjacent field in the Personal Data Handling area, as shown below:
If you prefer, you can use another method of your choice to identify the device name.
6. After entering the details for the device name, as shown below, click Search to search for all occurrences of the device name in the FortiEDR system.
The following displays, listing all matching results:
7. Do one of the following:
  - Click the Export Report button to export a report of the data to be removed for the employee/user. This option enables you to keep a record of what will be deleted. However, use of this option is not recommended, as all traces of the employee’s/user’s data are to be permanently removed, including this report.
The following displays after the report has been exported:
Click the Download link to download the Excel report. An example of the downloaded report is shown below:
  - Click the Delete All Records button to remove all device name data for the employee/user. The following displays:
Click Delete to remove all device name data for the employee/user from FortiEDR. After several moments, the following displays, indicating that the data has been removed:
You can check the Export report to Excel before deleting data checkbox if you want to export the data before it is removed from FortiEDR.
8. Click Continue to proceed with removing the other required data for the employee/user (IP address, MAC address and user name).
9. Repeat steps 4–8 to remove the relevant IP address from FortiEDR. Be sure to select IP Address in step 4.
10. Repeat steps 4–8 to remove the relevant MAC address from FortiEDR. Be sure to select MAC Address in step 4.
11. Repeat steps 4–8 to remove the relevant user name data from FortiEDR. Be sure to select User Name in step 4.
Personal Data Handling of Threat Hunting Data
The search performed by Personal Data Handling (described above) does not show activity event data. This data is nevertheless deleted if you use the delete option (described above), even though it is not displayed in the search results. To see the activity data that will be deleted, use the Search option of the Threat Hunting feature, as described in Threat Hunting.