Is opendistro GDPR compliant?

[pavolloffay]

Hi,

is Opendistro fully GDPR compliant like SearchGuard https://search-guard.com/gdpr-compliance-elasticsearch?

[elfisher]

Hi @pavolloffay Open Distro for Elasticsearch Security provides a variety of security tools like encryption in transit, role based access control at the index, document, and field-level. It also provides an audit logging feature to track access to your cluster and log security and compliance related events.

It is up to the user to configure their cluster correctly for GDPR, but the security plugin provides tools to help meet compliance.

[pavolloffay]

thanks @elfisher. To be honest I do not know what exactly is required for GDPR compliance. As GDPR probably requires more "checkboxes" it would be helpful to provide more documentation how each requirements can be met with opendistro. At the moment I found only this https://opendistro.github.io/for-elasticsearch/features/security.html

[fatalglitch]

It's important to note that even SearchGuard does not make you GDPR compliant, but it helps with some of the requirements. There's a lot more than just RBAC, Auditing, and Encryption that are required to be compliant. At a high level, many of the core functions of RBAC, Auditing, and Encryption appear to be in Open Distro for Elasticsearch that help with being compliant for GDPR.

[elfisher]

@pavolloffay Thanks for opening this issue. As there isn't a direct issue or feature request for the project, I'm going to go ahead and close the issue. Thanks.