GDPR
GDPR Regulation (EU) 2016/679 control mapping — LinuxGuard agent and console capabilities aligned to Article 32 security of processing with IP-as-PII gotcha and Satisfies / Supports / Out of scope tie
Note: This page maps LinuxGuard against the EU General Data Protection Regulation (Regulation (EU) 2016/679) (effective 2018-05-25). Last verified against the framework on 2026-05-31. Canonical framework document: EUR-Lex — Regulation (EU) 2016/679. For the vocabulary contract used here, see Audit & Comply.
Important: Under GDPR (Recital 30 + CJEU Breyer C-582/14), IP addresses are personal data when they can be linked to an identifiable individual. The LinuxGuard agent log captures hostnames, source IPs, and command-line arguments verbatim per the log redaction policy. Customers processing data subject to GDPR must implement additional log access controls, retention limits, and erasure-on-request capability beyond what LinuxGuard provides. Support bundles also ship logs verbatim — review the pre-share PII warning at operate/support-bundles.md.
Scope
This page maps LinuxGuard's agent and console capabilities against the General Data Protection Regulation (Regulation (EU) 2016/679). The mapping is scoped to Article 32 (security of processing) — technical and organizational measures to ensure a level of security appropriate to the risk — and supporting articles for breach notification (Articles 33-34) and data protection by design (Article 25). Controls in lawful basis (Article 6), data subject rights (Articles 12-22), Data Protection Impact Assessment (Article 35), records of processing activities (Article 30), and the appointment and role of the Data Protection Officer (Articles 37-39) are out of scope for this product and are listed in the mapping table as Out of scope rather than omitted. This mapping is informational and not a substitute for an independent legal review by a qualified data protection professional.
Customers remain controllers (or processors, depending on context) of personal data and remain responsible for lawful basis determination under Article 6, transparency notices under Articles 13-14, data subject request handling under Articles 12-22, Data Protection Impact Assessments under Article 35, breach notification to the supervisory authority within 72 hours under Article 33, breach notification to data subjects under Article 34, records of processing activities under Article 30, and (where applicable) appointment of a Data Protection Officer under Article 37.
Shared responsibility
LinuxGuard is a security monitoring agent and console. Compliance with any framework requires customer-side controls in addition to LinuxGuard's capabilities. This mapping is informational and not a substitute for an independent audit by a qualified assessor.
The shared-responsibility framing for GDPR Regulation (EU) 2016/679:
LinuxGuard responsibility. Produce technical security measures consistent with Article 32(1)(b) (confidentiality, integrity, availability) and Article 32(1)(d) (testing and evaluation) on Linux systems in the customer's processing environment. Maintain the framework version pin and per-control evidence pointers. Capture authentication events, file integrity events, and configuration drift events that may inform breach detection under Articles 33-34.
Customer responsibility. Determine the role (controller vs processor) and lawful basis under Article 6, draft and publish transparency notices under Articles 13-14, handle data subject requests (access, rectification, erasure, restriction, portability, objection) under Articles 12-22, conduct Data Protection Impact Assessments under Article 35, maintain records of processing activities under Article 30, notify the supervisory authority of personal data breaches within 72 hours under Article 33, notify affected data subjects under Article 34, appoint a Data Protection Officer where required by Article 37, and implement log access controls, retention limits, and erasure-on-request capability appropriate to the personal data captured in agent logs.
Out-of-scope domains for this framework. Lawful basis determination, transparency notices, data subject rights handling, Data Protection Impact Assessments, records of processing activities, Data Protection Officer responsibilities, cross-border transfer controls (Chapter V), and the customer-side governance program.
Control mapping
The Tier column uses one of three labels and only those three: Satisfies, Supports, Out of scope. The Evidence column points to a row of the canonical Evidence Location table or to a specific console page. See Audit & Comply for the three-tier vocabulary contract.
| Article | Requirement | Tier | Evidence | Notes |
| --- | --- | --- | --- | --- |
| Art 5(1)(f) | Integrity and confidentiality — processed in a manner that ensures appropriate security | Supports | Agent log (raw events); Console Zero Trust Enforcement → Config Drift | LinuxGuard provides one technical input (authentication, file integrity, drift) to the integrity-and-confidentiality program. Customer responsible for the overall security program and for access controls beyond the OS layer. |
| Art 24 | Responsibility of the controller — implement appropriate technical and organisational measures | Supports | Console Compliance Expansion → Reports | LinuxGuard provides telemetry-driven evidence supporting the technical measures component. Customer responsible for the organisational measures, governance, and the controller's accountability framework. |
| Art 25(1) | Data protection by design — implement appropriate technical and organisational measures at the time of determining the means of processing | Supports | Console Compliance Expansion → control detail; Config Drift events on baselines | LinuxGuard surfaces configuration baselines and drift, contributing to the technical-measures component of data protection by design. Customer responsible for incorporating data protection by design into the broader system development lifecycle. |
| Art 25(2) | Data protection by default — only personal data necessary for each specific purpose is processed | Out of scope | n/a | Data minimisation decisions are a controller responsibility not addressed by LinuxGuard. The agent itself collects only operational metadata for security monitoring purposes. |
| Art 32(1)(a) | Pseudonymisation and encryption of personal data | Out of scope | n/a | Pseudonymisation and encryption of customer's processed personal data are not addressed by LinuxGuard. |
| Art 32(1)(b) | Ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services | Supports | Agent log (raw events); Console Zero Trust Enforcement; Console Infrastructure | LinuxGuard provides continuous monitoring of system integrity (file monitor), confidentiality (authentication events), and availability (agent health) at the OS layer. Customer responsible for resilience design at the architecture layer and for application-layer integrity. |
| Art 32(1)(c) | Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident | Out of scope | n/a | Backup, recovery, and restoration are not addressed by LinuxGuard. LinuxGuard is a security monitoring agent, not a backup product. |
| Art 32(1)(d) | Process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures | Supports | linuxguard-agent probe command; Console Compliance Expansion → History | The probe command tests kernel, BPF, fanotify, netlink, audit, and capability prerequisites on demand. Compliance history surfaces ongoing posture evaluation. Customer responsible for the broader testing program and management evaluation. |
| Art 32(2) | Risk assessment — take into account the risks presented by processing (accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data) | Supports | Console Zero Trust Enforcement → Signals; Agent log (raw events) | Behavioral telemetry and authentication event capture provide visibility into unauthorised access attempts. Customer responsible for the risk assessment itself and the documentation of risk treatment decisions. |
| Art 32(4) | Steps to ensure that any natural person acting under the authority of the controller or processor with access to personal data does not process them except on instructions | Supports | Console Audit pillar → SUDO execution audit; Agent log (raw events) with loginUID attribute | SUDO execution audit and loginUID capture surviving privilege escalation provide evidence of administrator actions. Customer responsible for the authorisation policy and personnel instructions. |
| Art 33(1) | Notification of a personal data breach to the supervisory authority within 72 hours | Supports | Agent log (raw events) with timestamps; Console Zero Trust Enforcement → Signals; Support bundle | Agent log timestamps and signal records provide the technical timeline evidence supporting breach notification. Customer responsible for the breach assessment, supervisory authority notification workflow, and the 72-hour timeline operationally. |
| Art 33(3) | Content of the breach notification — nature of breach, categories and approximate number of data subjects and records, contact point, consequences, measures taken | Supports | Console Zero Trust Enforcement → Signals; Support bundle; Agent log (raw events) | Signal records, agent logs, and support bundles provide source evidence for the notification content. Customer responsible for synthesising the notification and identifying affected data subjects. |
| Art 33(5) | Documentation of personal data breaches — facts, effects, remedial action | Supports | Console Compliance Expansion → History; Agent log (raw events); Support bundle | Console history and bundle evidence provide the technical documentation surface. Customer responsible for the documentation workflow, remedial action tracking, and the broader incident management program. |
| Art 34 | Communication of a personal data breach to the data subject | Out of scope | n/a | Data subject notification workflow and content are controller responsibilities not addressed by LinuxGuard. |
| Art 35 | Data Protection Impact Assessment | Out of scope | n/a | DPIA conduct, documentation, and supervisory authority consultation under Article 36 are controller responsibilities not addressed by LinuxGuard. |
| Art 6 | Lawfulness of processing — lawful basis (consent, contract, legal obligation, vital interests, public task, legitimate interests) | Out of scope | n/a | Lawful basis determination is a controller responsibility not addressed by LinuxGuard. |
| Arts 12-22 | Data subject rights — transparency, information, access, rectification, erasure, restriction, portability, objection, automated decision-making | Out of scope | n/a | Data subject rights handling is a controller responsibility not addressed by LinuxGuard. Customer must implement an erasure-on-request workflow for personal data captured in agent logs (hostnames, IPs, usernames) if their data subjects are within scope. |
| Art 30 | Records of processing activities | Out of scope | n/a | Records of processing activities are a controller and processor responsibility not addressed by LinuxGuard. |
| Arts 37-39 | Data Protection Officer — designation, position, tasks | Out of scope | n/a | DPO appointment and responsibilities are controller and processor responsibilities not addressed by LinuxGuard. |
| Chapter V (Arts 44-50) | Transfers of personal data to third countries or international organisations | Out of scope | n/a | Cross-border transfer mechanisms (adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules) are not addressed by LinuxGuard. |
Important: Every Satisfies claim cites a specific agent feature and a specific evidence pointer. Every Supports claim states what the customer must implement to achieve full satisfaction. Every Out-of-scope row carries a one-line note explaining why, because silence would otherwise be read as an implicit Satisfies claim.
Agent log content and GDPR considerations
Because GDPR treats IP addresses as personal data when linkable to an identifiable individual (Recital 30; CJEU C-582/14 Breyer v Bundesrepublik Deutschland), customers operating under GDPR must consider the following when deploying LinuxGuard:
Agent log content. The agent log at /var/log/linuxguard/agent.log captures hostnames, source IPs (IPv4 and IPv6), usernames, file paths, and process command-line arguments verbatim. Attribute-key redaction (api_key, *_token, *_secret) is applied at the slog handler; PII is NOT additionally redacted. See Log Management § Redaction Scope for the precise statement.
Support bundles. The support-bundle collect workflow ships agent.log and rotated segments verbatim up to 180 MB. Review the pre-share PII warning at Support Bundles before sharing externally.
Customer controls required. Implement access controls on the host-level agent log (UNIX permissions, central log management with role-based access), set retention limits consistent with the controller's records-of-processing-activities and storage-limitation principles (Article 5(1)(e)), and operate an erasure-on-request workflow that covers central log archives — see Log Management § Central Log Collection Patterns for log-shipping guidance.
The IP-as-PII consideration is the load-bearing reason GDPR is a frequent cross-reference from the Log Management and Support Bundles pages — those pages name LinuxGuard's redaction scope precisely so GDPR customers can plan accordingly.
How to share with auditor
Three export paths are available, depending on the supervisory authority's or auditor's evidence preference:
Console Compliance Expansion reports. Console pillar → Compliance Expansion → Reports produces dated, signed, auditor-shareable evidence packages (PDF / CSV / JSON) per Compliance Expansion. Each report includes the framework version (GDPR Regulation (EU) 2016/679), last-verified date, per-control coverage, per-server pass / fail breakdown, suppressions in effect, and a manifest with SHA-256 verification.
Support bundles for host-level evidence. support-bundle collect on each host produces a tar.zst archive with agent logs, redacted configuration, and a bundle manifest — see Support Bundles. Bundles are useful when the supervisory authority wants raw host-level telemetry rather than a console-rendered report.
Console CSV / JSON export per control. Compliance Expansion → GDPR → control detail → Evidence tab exports per-control evidence in machine-readable form for auditors who want to ingest evidence into their own GRC tooling.
Security Note: Support bundles include the raw agent.log and rotated segments. Attribute-key redaction (api_key / *_token / *_secret) is applied; PII (hostnames, IPs, usernames, paths, command args) is NOT additionally redacted. This is the GDPR-relevant gotcha — IP addresses in agent logs are personal data under GDPR. Review every evidence package before sharing externally; consider whether the recipient (supervisory authority, auditor, third party) is a controller-side recipient or an external transfer requiring Chapter V safeguards. See Support Bundles for the per-file redaction status table.
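One way to run the pre-share review for the IP-as-PII case is to rewrite a copy of the log so that every IPv4 and IPv6 address becomes a keyed, stable pseudonym while the event timeline stays correlatable. This is an added example, not LinuxGuard code: the key=value line layout, the sample lines, and the names pseudonymise_line and pseudonymise_log are assumptions, and it covers IP addresses only (hostnames, usernames, paths and command arguments are left as they are).

```python
import hashlib
import hmac
import ipaddress
import re

# Candidates: IPv6 (optionally with an embedded dotted quad) or IPv4.
# ipaddress makes the final call, so timestamps and MACs are left alone.
CANDIDATE = re.compile(
    r"(?<![\w:.])(?:"
    r"(?:[0-9A-Fa-f]{0,4}:){2,7}(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]{0,4})(?![\w:]|\.\d)"
    r"|\d{1,3}(?:\.\d{1,3}){3}(?!\w|\.\d)"
    r")"
)

# Constructed sample lines in an assumed key=value layout (not real agent output).
SAMPLE = [
    'time=2026-05-31T09:14:02Z level=INFO msg="ssh login" user=alice src=203.0.113.7:52144',
    'time=2026-05-31T09:14:09Z level=WARN msg="auth failure" user=root src=[2001:db8::1]:40022',
    'time=2026-05-31T09:15:30Z level=INFO msg="exec" cmdline="curl http://203.0.113.7/health"',
    'time=2026-05-31T09:16:00Z level=INFO msg="ssh login" user=bob src=::ffff:203.0.113.7',
]

def pseudonymise_line(line, key, seen):
    """Replace each valid IP in one line with a keyed, stable pseudonym."""
    def repl(match):
        try:
            addr = ipaddress.ip_address(match.group(0))
        except ValueError:
            return match.group(0)  # looked like an IP, is not one
        # Fold ::ffff:a.b.c.d onto a.b.c.d so one client gets one token.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        # Keyed HMAC, not a bare hash: the IPv4 space is small enough to enumerate.
        tag = hmac.new(key, addr.packed, hashlib.sha256).hexdigest()[:12]
        token = f"ip{addr.version}-{tag}"
        seen[token] = seen.get(token, 0) + 1
        return token
    return CANDIDATE.sub(repl, line)

def pseudonymise_log(lines, key):
    """Return (rewritten lines, {token: occurrence count})."""
    seen = {}
    return [pseudonymise_line(line, key, seen) for line in lines], seen

if __name__ == "__main__":
    out, seen = pseudonymise_log(SAMPLE, b"constructed-demo-key")
    print("\n".join(out))
    print(seen)
```

The key stays with the controller; for anyone holding it the tokens can be linked back to addresses, so the rewritten log remains personal data on the controller side.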
Cross-references
Audit & Comply — vocabulary contract, framework version pin reference, forbidden-words list, scope statement template.
Compliance Expansion — console pillar; canonical Evidence Location pointer set.
Audit — authorizations and SUDO execution audit feeding compliance evidence.
Support Bundles — per-file redaction status table; pre-share PII warning.
Log Management — log retention, rotation, and the precise PII-NOT-redacted statement that is load-bearing for GDPR customers.
Glossary — framework acronyms and compliance vocabulary definitions.
Last reviewed: 2026-05-31 against GDPR Regulation (EU) 2016/679 published 2018-05-25.