We got the question of how to easily and cheaply implement GDPR into our IDMS applications. We're considering activating "journal retrieval" to log all read activity into our journals, but we're a bit unsure about the impact on 1) overall performance and 2) the extra journal activity. Is there anyone who has experience with this, or can give an indication of what impact we can expect on the journalling activity/archiving? Thanks for your feedback.
Be aware that JOURNAL RETRIEVAL does not journal all read activity. All it does is force all run units to write BGIN and ENDJ checkpoints to the journal, including those that perform no updates. With NOJOURNAL RETRIEVAL, run units that do no updates don't get BGIN/ENDJ checkpoints written.
So I don't think this will give you what you are looking for.
There are a number of different areas that can be addressed with and in our IM solutions for GDPR. Is there a specific area of concern? The most common include, but are not limited to:
Who has access to what users?
Who has access to do what to what users?
Who has access to do what to what systems?
Who can read or access information on what users?
What can the users do?
What logs are readable and by whom?
Who is part of the notification chain if you have email configured?
Who can access what part of the solution and from where?
… each requires slightly different things to turn on or report on.
There are a bunch more, but it depends on which of the requirements you are looking to address.
All the best;
Sr. Public Sector Cyber Security Advisor