GDPR III, Rights of the data subject

In this chapter, GDPR describes the rights of individuals regarding personal data management by third-party entities.

Chapter III, Article 14, Head 2 (c)

Information to be provided where personal data have not been obtained from the data subject, Head 2 (c): “In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject: the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability.”

This article requires that when an individual requests a temporary restriction on the processing of their personal data, that data is not accessed during the period specified.

Using File Integrity Monitoring (FIM) and the Wazuh dashboard, you can perform searches to confirm that there has been no modification or deletion of user data during the specified period of restriction.

Use case: Search for FIM events within a certain time frame

In this use case, from the Wazuh dashboard, filter for syscheck events to confirm that there have been no FIM events involving modification or deletion of restricted data during specific time intervals.

Chapter III, Article 17, Head 1

Right to erasure (right to be forgotten): “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.”

The Wazuh File Integrity Monitoring module assists in meeting this GDPR requirement. It monitors specified files and folders containing personal data and generates alerts when modification or deletion occurs. File deletion alerts can provide individuals with confirmation that their personal data has been permanently deleted in response to their request.

Use case: Detect file deletion

In this use case, you configure the Wazuh agent on an Ubuntu 22.04 endpoint to detect file deletion in the /root/personal_data directory. Then, you delete a file to trigger an alert.

Ubuntu endpoint

  1. Switch to the root user:

    $ sudo su
    
  2. Create the directory personal_data in the /root directory:

    # mkdir /root/personal_data
    
  3. Create the file subject_data.txt in the /root/personal_data directory and include some content:

    # touch /root/personal_data/subject_data.txt
    # echo "User01= user03_ID" >> /root/personal_data/subject_data.txt
    
  4. Add the following <directories> entry to the <syscheck> block of the Wazuh agent configuration file /var/ossec/etc/ossec.conf:

    <syscheck>
      <directories check_all="yes" realtime="yes">/root/personal_data</directories>
    </syscheck>
    
  5. Restart the Wazuh agent to apply the changes:

    # systemctl restart wazuh-agent
    
  6. Delete the file subject_data.txt:

    # rm /root/personal_data/subject_data.txt
    

On the Wazuh dashboard, an alert shows that the subject_data.txt file has been deleted.
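The two checks described on this page (no modification or deletion of restricted data within a time window for Article 14, and confirmation of a deletion for Article 17) can also be run directly against the manager's alerts.json file. The following script is an added example, not Wazuh's own code; it assumes the syscheck alert layout (timestamp, rule.groups, syscheck.path, syscheck.event) and uses constructed sample alert lines rather than output captured from a real manager.

```python
import json
from datetime import datetime, timezone

# Constructed sample alert lines in the shape of Wazuh's alerts.json (field names and
# rule ids are an assumption about the syscheck alert format, not real captured output).
SAMPLE_ALERTS = "\n".join([
    json.dumps({"timestamp": "2024-03-01T09:00:00.000+0000",
                "rule": {"id": "550", "groups": ["ossec", "syscheck"]},
                "syscheck": {"path": "/root/personal_data/subject_data.txt", "event": "modified"}}),
    json.dumps({"timestamp": "2024-03-05T10:30:00.000+0000",
                "rule": {"id": "5402", "groups": ["sudo"]},
                "full_log": "sudo: user : TTY=pts/0 ; COMMAND=/bin/su"}),
    json.dumps({"timestamp": "2024-03-12T14:15:00.000+0000",
                "rule": {"id": "553", "groups": ["ossec", "syscheck"]},
                "syscheck": {"path": "/root/personal_data/subject_data.txt", "event": "deleted"}}),
])

def parse_ts(value):
    # Wazuh writes timestamps like 2024-03-12T14:15:00.000+0000
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")

def fim_events(alert_lines, path_prefix, start, end, events=("modified", "deleted")):
    """Return syscheck alerts under path_prefix with an event type in `events`
    and a timestamp in the half-open window [start, end)."""
    hits = []
    for line in alert_lines.splitlines():
        if not line.strip():
            continue
        alert = json.loads(line)
        if "syscheck" not in alert.get("rule", {}).get("groups", []):
            continue  # not a FIM alert (e.g. the sudo line above)
        sc = alert.get("syscheck", {})
        if not sc.get("path", "").startswith(path_prefix) or sc.get("event") not in events:
            continue
        if start <= parse_ts(alert["timestamp"]) < end:
            hits.append({"timestamp": alert["timestamp"], "path": sc["path"],
                         "event": sc["event"], "rule_id": alert["rule"]["id"]})
    return hits

def restriction_respected(alert_lines, path_prefix, start, end):
    """Article 14 check: True when no modification/deletion touched the data in the window."""
    return len(fim_events(alert_lines, path_prefix, start, end)) == 0

def deletion_confirmed(alert_lines, path):
    """Article 17 check: timestamp of the most recent 'deleted' alert for path, or None."""
    far_past = datetime(1970, 1, 1, tzinfo=timezone.utc)
    far_future = datetime(9999, 1, 1, tzinfo=timezone.utc)
    hits = fim_events(alert_lines, path, far_past, far_future, events=("deleted",))
    return max((h["timestamp"] for h in hits), default=None)
```

On a manager, replace SAMPLE_ALERTS with the contents of /var/ossec/logs/alerts/alerts.json (or the rotated archive for the period in question).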