General Data Protection Regulation (GDPR) Compliance

Thales eSecurity enables compliance with key provisions of the GDPR, strengthening organizations' security postures while helping them avoid financial penalties


Perhaps the most comprehensive data privacy regulation to date, the GDPR affects any organization that processes the personal data of individuals in the EU, regardless of where the organization is headquartered.

Thales eSecurity can help you comply with the critical requirements of Articles 32 and 34 of the GDPR related to:

  • The pseudonymisation and encryption of personal data;
  • Assessing the effectiveness of your security measures;
  • Preventing unauthorized access to personal data.

GDPR Overview

The General Data Protection Regulation is already in force. The GDPR was created to improve the protection of personal data and to increase companies' accountability for data breaches. With possible fines of up to four percent of global annual revenue or 20 million euros, whichever is higher, the regulation has real teeth. No matter where your company is located, if it processes or controls the personal data of EU residents, you need to be ready.

Specific Requirements

Some of the key provisions of the GDPR require organizations to:

  • Implement technical and organizational measures to ensure data security appropriate to the level of risk, including “pseudonymisation and encryption of personal data." (Article 32)
  • Have in place "a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing." (Article 32)
  • Communicate “without undue delay” personal data breaches to the subjects of such breaches "when the breach is likely to result in a high risk to the rights and freedoms" of these individuals. (Article 34)
  • Safeguard against the "unauthorized disclosure of, or access to, personal data." (Article 32)

Encrypt Both Structured and Unstructured Data

Vormetric file-based transparent encryption provides the kind of "state of the art" data protection the GDPR specifies. Using Vormetric's encryption, your organization can render personal data unintelligible to an intruder even in the event of a breach, and so avoid the obligation to notify affected data subjects under Article 34. The Article states that notification to the data subject shall not be required if the organization "has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption." Two caveats apply in practice: Article 34 governs notification of the data subjects only, and whether the supervisory authority must be notified under Article 33 is assessed separately; and the exemption holds only if the encryption keys were not themselves exposed in the breach, which is why key management must be kept separate from the encrypted data and outside the reach of the compromised systems.

In addition to avoiding a costly breach notification process, you can prevent substantial reputational damage resulting from a publicized breach.

Prevent Unauthorized Access to Personal Data

Thales eSecurity products and solutions help our customers prevent unauthorized access to personal data, thus enabling compliance with Article 32. Specifically, our Vormetric Data Security Platform enables separation of duties between privileged administrators and data owners, and supports two-factor authentication. Our nShield HSMs also help customers set up high-assurance authentication of users and processes attempting to access personal data.

Test, Assess and Evaluate Data Security Effectiveness

Vormetric's Security Intelligence produces detailed security event logs that integrate readily with Security Information and Event Management (SIEM) systems to produce the reports needed to demonstrate GDPR compliance. The logs record an auditable trail of permitted and denied access attempts by users and processes, giving fine-grained visibility into file access activity. Because denied attempts and unusual access patterns are recorded alongside legitimate use, the logs can surface improper data access and speed the detection of insider threats, external attackers and advanced persistent threats that have already defeated perimeter security.
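As an added illustration of what such an auditable trail lets a security team check, and not code from Thales or the Vormetric product, the Python below parses a constructed set of file-access audit events in an assumed key=value layout (the real log format is not shown on this page), builds the per-user permitted/denied summary an auditor would ask for, and flags two of the patterns the paragraph mentions: a burst of denied attempts by a privileged account, which in the sample is the root user being refused by the separation-of-duties policy described in the previous section, and a permitted access outside business hours. All user names, paths and thresholds are made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of file-access audit events for this example.
# The "key=value" layout is an assumption made here; it is not the
# Vormetric Security Intelligence log format.
SAMPLE_LOG = """\
2018-05-25T09:12:03Z user=alice proc=/usr/bin/python3 action=read path=/data/hr/payroll.csv result=PERMIT
2018-05-25T09:12:09Z user=alice proc=/usr/bin/python3 action=write path=/data/hr/payroll.csv result=PERMIT
2018-05-25T09:13:40Z user=root proc=/bin/cat action=read path=/data/hr/payroll.csv result=DENY
2018-05-25T09:13:41Z user=root proc=/bin/cat action=read path=/data/hr/benefits.csv result=DENY
2018-05-25T09:13:42Z user=root proc=/bin/cp action=read path=/data/hr/payroll.csv result=DENY
2018-05-25T09:13:43Z user=root proc=/bin/tar action=read path=/data/hr result=DENY
2018-05-25T09:20:15Z user=bob proc=/usr/bin/less action=read path=/data/crm/customers.db result=DENY
2018-05-25T09:25:00Z user=svc_backup proc=/usr/bin/rsync action=read path=/data/hr/payroll.csv result=PERMIT
2018-05-25T22:47:11Z user=alice proc=/bin/cp action=read path=/data/hr/payroll.csv result=PERMIT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) proc=(?P<proc>\S+) action=(?P<action>\S+) "
    r"path=(?P<path>\S+) result=(?P<result>PERMIT|DENY)$"
)


def parse_line(line):
    """Parse one audit line into a dict, or return None for unparseable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def parse_log(text):
    """Parse a whole log, skipping malformed lines, and return events ordered by time."""
    events = [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]
    return sorted(events, key=lambda e: e["ts"])


def summarize(events):
    """Per-user trail: how many accesses were permitted or denied, and which paths were touched."""
    summary = defaultdict(lambda: {"PERMIT": 0, "DENY": 0, "paths": set()})
    for ev in events:
        summary[ev["user"]][ev["result"]] += 1
        summary[ev["user"]]["paths"].add(ev["path"])
    return dict(summary)


def find_suspicious(events, deny_threshold=3, window_seconds=60, business_hours=(7, 19)):
    """Return (kind, user, detail) findings for two simple patterns:
    - deny_burst: deny_threshold or more denied attempts by one user within
      window_seconds, the signature of an account probing for readable data;
    - off_hours_access: a permitted access outside business_hours
      (start hour inclusive, end hour exclusive).
    """
    findings = []
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)
    for user, evs in by_user.items():
        denies = [e for e in evs if e["result"] == "DENY"]
        for i, first in enumerate(denies):
            in_window = [d for d in denies[i:]
                         if (d["ts"] - first["ts"]).total_seconds() <= window_seconds]
            if len(in_window) >= deny_threshold:
                findings.append(("deny_burst", user, len(in_window)))
                break
        for e in evs:
            if e["result"] == "PERMIT" and not (business_hours[0] <= e["ts"].hour < business_hours[1]):
                findings.append(("off_hours_access", user, e["path"]))
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for user, s in summarize(evs).items():
        print(f"{user}: permitted={s['PERMIT']} denied={s['DENY']} paths={sorted(s['paths'])}")
    for finding in find_suspicious(evs):
        print("ALERT", *finding)
```

In a real deployment the same two rules would be expressed as SIEM correlation searches over the product's own event schema; the point of the example is that the decision data (who, which process, which path, permitted or denied, when) is already in the trail, so the detection logic is a matter of counting and windowing rather than of collecting new telemetry.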

Articles and research: Aligning GDPR Requirements with Today's Hybrid-Cloud Realities

This article examines the regulation's security standards and the features of the IT environments in which security teams must meet the GDPR, as those environments become ever more hybrid, spanning multiple cloud services as well as on-premises systems.

Data Sheets: GDPR Healthcheck Service

Thales eSecurity's GDPR Healthcheck Service can help you determine whether you are ready for the GDPR and what resources you may require.

Research and Whitepapers: Addressing Key Provisions of the General Data Protection Regulation (GDPR)

Data encryption and key management strategies to develop a compliant posture.

Research and Whitepapers: Bloor: For the EU's new data protection regulation, encryption should be the default option

There are many regulations and industry standards that require that stringent safeguards are applied to personal and sensitive data. Of these, the EU data protection rules affect many organisations...

eBooks: GDPR Compliance in Multi-cloud Environments

With the GDPR deadline approaching, it is critical to understand how your cloud services providers affect your compliance posture. This document offers guidance about the questions you should ask your CSP to help identify potential areas of concern.

Research and Whitepapers: Securosis: Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers and Applications

This paper cuts through the confusion to help you pick the best encryption and tokenization options for your projects. The focus is on encrypting in the data center: applications, servers...

Other key data protection and security regulations

  • GDPR (regulation, active now): Perhaps the most comprehensive data privacy regulation to date, the GDPR affects any organisation that processes the personal data of individuals in the EU, regardless of where the organisation is headquartered.
  • PCI DSS (mandate, active now): Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS requirements for the processing, storage and transmission of account data.
  • Data Breach Notification Laws: Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a "safe harbour" clause.
  • eIDAS (regulation, active now)