GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE

Vormetric Data Security Solutions

On December 15, 2015, the EU agreed the compromise text of the General Data Protection Regulation (GDPR), with potential fines of up to four percent of annual global turnover or 20 million EUR (whichever is higher) for an enterprise that breaks its rules. These rules, which are expected to go into effect in 2018, apply to any company that holds or processes the personal data of individuals in the EU, including companies based outside the EU (with implications for cloud-based models).

Among the rules are requirements to:

  1. Implement technical and organizational measures to ensure appropriate data security through means including, among others, “pseudonymisation and encryption of personal data”
  2. Have in place a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of data processing
  3. Communicate “without undue delay” personal data breaches to the subjects of such breaches when the breach is likely to result in a high risk to the rights and freedoms of these individuals

We have seen through numerous examples in the U.S. that when companies must report data breaches to their customers, the company’s profits and stock prices suffer and senior executives lose their jobs. And GDPR adds substantial fines to these risks.

All things considered, GDPR has teeth. Or, it will in 2018, when it goes into effect. If you process the personal data of EU residents, you need to be ready.

Steps You Can Take to Comply and Avoid Fines

Vormetric can help you comply with all three of the requirements above.

Complying with Data Protection Requirements and Avoiding Subject Notification

Regarding notifying the subjects of a data breach, the agreed upon text states:

The communication to the data subject … shall not be required if: … the controller has implemented appropriate technical and organisational protection measures … to the data affected by the personal data breach, in particular those that render the data unintelligible to any person who is not authorised to access it, such as encryption....

So, if you have Vormetric’s file-based transparent encryption with integrated key management in place, you will have the kind of state-of-the-art data protection GDPR calls for. If encrypted files are taken, they are unintelligible to the intruder who takes them, and the communication to data subjects is not required. Note the condition in the text above: the data must be unintelligible to anyone not authorised to access it. That holds only if the encryption keys were not exposed in the same breach and the data was not read through an authorised account or process that sees it in the clear, so your breach assessment should establish both points before relying on the exemption.

Encrypting Both Structured and Unstructured Data

Another advantage of Vormetric’s file-based transparent encryption is that it encrypts many kinds of data – both structured and unstructured.

According to TechTarget’s SearchSecurity, Sanjay Beri, CEO of Netskope, says:

GDPR “requires organizations to safeguard personal data, which may include anything from data about political viewpoints to health history," adding that "this applies to all systems used to process the data, including cloud apps."

The difficulty in complying, according to Beri, is "that many, if not most, personal data for which the organization is legally responsible are data not found in structured formats like databases, but things like email [messages] and random documents created using Office 365 and Box, and in cloud apps not sanctioned by IT." He went on to say that BYOD [bring your own device] "worsens the problem, leaving businesses to wonder how they can even begin to comply with GDPR if they don't know what data they have and where they reside?"

Vormetric’s file-based transparent encryption with integrated key management is a tailor-made solution for this kind of challenge.

Testing, Assessing and Evaluating the Effectiveness of Data Security

Finally, Vormetric’s Security Intelligence produces detailed security event logs that integrate readily with Security Information and Event Management (SIEM) systems to produce the reports needed to demonstrate GDPR compliance. These logs record an auditable trail of permitted and denied access attempts by users and processes, giving detailed insight into file access activity. Fed into a SIEM, they can surface unusual or improper data access and accelerate the detection of insider threats, external attackers and advanced persistent threats (APT) that have already got past perimeter security.
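To make concrete what a SIEM rule over such an access trail does, here is an added example (not Vormetric code, and not the product's real log schema). The record format, the sample log lines, the sensitive path prefix and the expected-process list are all constructed for illustration. The script runs two checks a practitioner would want on a trail of permitted and denied file accesses: a burst of denied attempts by one user inside a short window, and a permitted read of a sensitive path by a process that is not on the expected list.

```python
"""Toy detector over a file-access audit trail.

Added example, not vendor code. The line format below is a constructed,
hypothetical one:
    <ISO timestamp> user=<u> proc=<path> path=<file> result=<PERMIT|DENY>
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AccessEvent:
    ts: datetime
    user: str
    process: str
    path: str
    result: str  # "PERMIT" or "DENY"


# Assumptions for the example: which paths are sensitive and which
# processes are expected to read them legitimately.
SENSITIVE_PREFIXES = ("/data/customers/",)
EXPECTED_PROCESSES = {"/usr/sbin/mysqld", "/opt/backup/agent"}

# Constructed sample log: one service read, a user hammering a protected
# file and being denied, an unexpected tar by root, a legitimate backup,
# and an unrelated read outside the sensitive tree.
SAMPLE_LOG = """\
2016-03-01T09:00:01 user=svc_db proc=/usr/sbin/mysqld path=/data/customers/eu.ibd result=PERMIT
2016-03-01T09:00:05 user=jdoe proc=/usr/bin/cat path=/data/customers/eu.ibd result=DENY
2016-03-01T09:00:09 user=jdoe proc=/usr/bin/cat path=/data/customers/eu.ibd result=DENY
2016-03-01T09:00:12 user=jdoe proc=/usr/bin/cp path=/data/customers/eu.ibd result=DENY
2016-03-01T09:00:20 user=jdoe proc=/usr/bin/cat path=/data/customers/eu.ibd result=DENY
2016-03-01T09:00:31 user=jdoe proc=/usr/bin/cat path=/data/customers/eu.ibd result=DENY
2016-03-01T09:02:00 user=root proc=/usr/bin/tar path=/data/customers/eu.ibd result=PERMIT
2016-03-01T09:03:00 user=backup proc=/opt/backup/agent path=/data/customers/eu.ibd result=PERMIT
2016-03-01T09:10:00 user=alice proc=/usr/bin/less path=/var/log/syslog result=PERMIT
"""


def parse_line(line: str) -> AccessEvent:
    """Parse one constructed-format audit line into an AccessEvent."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return AccessEvent(
        datetime.fromisoformat(ts_str),
        fields["user"], fields["proc"], fields["path"], fields["result"],
    )


def denied_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Users with at least `threshold` DENY events inside any `window`.

    Returns {user: largest burst size seen}. A sliding window over the
    sorted DENY timestamps keeps this linear per user.
    """
    per_user = defaultdict(list)
    for e in events:
        if e.result == "DENY":
            per_user[e.user].append(e.ts)
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(count, flagged.get(user, 0))
    return flagged


def unexpected_readers(events):
    """PERMIT events on a sensitive path by a process not on the expected list.

    A permitted read by the wrong process is the case transparent
    encryption cannot help with: the reader is authorised, so it gets
    plaintext, and only the audit trail shows it happened.
    """
    return [
        e for e in events
        if e.result == "PERMIT"
        and e.path.startswith(SENSITIVE_PREFIXES)
        and e.process not in EXPECTED_PROCESSES
    ]


def analyze(log_text: str) -> dict:
    """Run both checks over a log and return the findings."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {
        "denied_bursts": denied_bursts(events),
        "unexpected_readers": [
            (e.user, e.process, e.path) for e in unexpected_readers(events)
        ],
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Run as-is it flags `jdoe` for five denials inside a minute and `root` reading the customer file with `tar`, and ignores the `mysqld`, backup-agent and `/var/log` reads. In a real deployment the thresholds, window and expected-process list are tuning decisions, and the DENY-burst rule should be paired with the PERMIT-by-unexpected-process rule, since a successful read by a compromised but authorised account produces no denials at all.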

If you control or process the personal data of individuals in the EU, contact Vormetric today to discuss how to comply with GDPR.
