A. The first question to analyze is whether Blooms Inc. has consent to collect the data of customers under the General Data Protection Regulation (GDPR).
According to Article 7(1) GDPR, the fundamental condition for the data processing based on consent is the ability of the data’s controller to demonstrate that the data subject (i.e. the customer) has consented to the processing of his or her personal data.
In the present case, the customers, namely Steven and John, freely and specifically shared their personal data on the website, and thus basically consented that this information will be used and processed by the controller of the data in exchange of service. The data's share in a digital form makes the controller indeed able to easily demonstrate that the consent has been given.
B. Along with consent, another legitimate basis for collecting this data (e.g. the delivery addresses and receivers’ information) is that the processing of data in question is necessary for the performance of the contract/service, particularly for the flowers' delivery. This fact satisfies the condition of Article 7(4) GDPR and proves that the consent was indeed freely given to the data collector.
C. In the case at hand, Blooms Inc. is the data controller, as it is the company which directly determines the purposes and the means of the …show more content…
Technically, SIEM works by gathering all the event logs from the set up devices of the company. After that, these logs are sent to a collector, which generally runs on a virtual machine inside the host network. Later, the logs are transmitted from the collector to the SIEM itself. The SIEM gathers and builds up all the logs and divides them into event types, such as, for example, successful logs, failed logs, exploit attempts, malware activities, etc. Next, these event types are run against rulesets to determine if there is any illegal and dangerous traffic. There will be an immediate alert about an attack in case a rule is