General Data Protection Regulation (GDPR) has been adopted by the European Union ("EU") and applies from May 25, 2018.
GDPR is designed to give more control to individuals over their personal information and data. It is intended to put guidelines and regulations on how the data is processed, used, stored or exchanged outside the EU and EEA areas.
When deploying Barracuda Web Application Firewalls in GDPR-compliant environments, administrators should ensure that the capabilities related to encryption of logs, reports and backup are configured.
Understand the Terminology
Customer – a person who interacts with an application that is deployed in a GDPR-compliant environment and is protected by the Barracuda Web Application Firewall.
Administrator - individuals who manage the Barracuda Web Application Firewalls. These individuals may also be responsible for other functions relating to the security of personal data, such as access, deletion, and modification of data. Administrators may also manage the permissions of users, groups, and user accounts.
Organization - licensed customers who own the user data and are responsible for compliance. These organizations will provide mechanisms and relevant privacy notices to the individuals who engage with them. The notices must describe how a user's information is collected and used, and whether any consents are required. If individuals want to know or delete their stored information, the organizations must respond to such requests.
Why GDPR is important
GDPR ensures the protection of personal data remains a fundamental right for EU citizens. It aims at modernizing outdated privacy laws. It has the potential to impact any business that collects data in or from Europe.
How Barracuda WAF supports GDPR
The Barracuda Web Application Firewall is compliant with these rules. It provides administrators with services and resources to help them comply with GDPR requirements that may be applicable to their operations, such as encryption, backup and log export. Barracuda WAF is committed to protecting the customer's privacy and providing customers with clear and concise details about the data that is collected and used.
The ADVANCED > System Configuration > GDPR Compliance section allows you to enable or disable encryption for all logs and problem reports by using an encryption key. You can create your own encryption key or use the default key "Barracuda Networks is your new best friend" provided by Barracuda Networks.
Enable Log Encryption - By default, this is set to No. You can enable log encryption by setting the parameter to Yes. Barracuda Networks provides a default key, "Barracuda Networks is your new best friend", that can be used for encryption.
Key to be used for Encryption - The key used for encrypting and decrypting the log file/problem report. By default, the "Barracuda Networks is your new best friend" key is selected.
Decrypting a Log File/Problem Report
To decrypt a log file/problem report, use OpenSSL on any Linux or Windows host machine:
- Download the relevant log file/problem report.
- Type gpg <filename> to start the decryption.
- Specify the encryption key that you created. The log file/problem report is now decrypted successfully.
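The steps above can be scripted for several downloaded files at once. The following is an added example, not Barracuda tooling: it assumes GnuPG 2.1 or later and that the exported files are GnuPG passphrase-encrypted, as the gpg command in the steps implies. The function name, the key file and the .dec output suffix are hypothetical.

```shell
#!/bin/sh
# Added example (not from Barracuda): batch-decrypt downloaded log files or
# problem reports. Assumes GnuPG 2.1+ and passphrase-encrypted input files.
#
# Usage: decrypt_waf_export KEYFILE OUTDIR FILE...
#   KEYFILE  file whose first line is the encryption key you created.
#            Reading the key from a file (mode 600) keeps it out of the
#            shell history and out of the process list.
#   OUTDIR   directory for the decrypted copies (created with mode 700).
decrypt_waf_export() {
    local keyfile="$1" outdir="$2" rc=0 f out
    shift 2
    [ -r "$keyfile" ] || { echo "cannot read key file: $keyfile" >&2; return 2; }
    mkdir -p "$outdir" || return 2
    chmod 700 "$outdir" || return 2
    for f in "$@"; do
        # Hypothetical naming: <original name>.dec inside OUTDIR.
        out="$outdir/$(basename "$f").dec"
        # umask 077 so the plaintext is readable only by the current user.
        if ( umask 077
             gpg --batch --yes --quiet --pinentry-mode loopback \
                 --passphrase-file "$keyfile" \
                 --output "$out" --decrypt "$f" ); then
            echo "decrypted: $f -> $out"
        else
            # Wrong key or not an encrypted export: leave no partial plaintext.
            rm -f "$out"
            echo "FAILED: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

The function returns 0 only if every file decrypted, so it can gate a later step such as importing the logs into an analysis tool.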