EU General Data Protection Regulation (GDPR)

New Rules for Securing Personal Data

The EU GDPR applies to businesses within and outside the European Union that collect personal data belonging to EU citizens. The goal of the GDPR is to establish a consistent regulation for the privacy of personal data as “Rapid technological developments and globalisation have brought new challenges for the protection of personal data.”

Compliance with the GDPR requires the creation and enforcement of several technical and administrative controls. Specifically, sections 2 and 3 of the GDPR require impact assessments, security controls, and notification of data breaches. Organizations must notify the authorities within 72 hours of becoming aware of a breach. The organization does not need to notify the data subject (citizen) of a breach if the organization has appropriate measures “applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption.”

Ignoring the compliance obligations under GDPR is not an option as fines for GDPR violations promise to be massive.

CipherPoint Solution for GDPR

At the core of GDPR compliance is the need for organizations to understand where personal data is stored, apply appropriate controls to secure that information from unauthorized access, and monitor for malicious activity. As with other privacy compliance programs unstructured data creates unique challenges that the CipherPoint platform can address. The CipherPoint Eclipse data security suite allows organizations to locate personal data, encrypt that information and centrally manage permissions to protect against unauthorized access, and log all permitted and denied access requests to secured personal data. Specifically, the CipherPoint Eclipse solution helps to meet EU GDPR compliance as follows:

  • Data Discovery – Pre-built and fully customisable data discovery rules to locate personal data in file shares, SharePoint, SharePoint Online, and OneDrive for Business.
  • Encryption & Key Management – Encrypt personal data at rest and in use with automated encryption key management.
  • Permissions Management – Centralized access controls integrated with data encryption to strongly secure personal data from unauthorized access, including the ability to prevent breaches as a result of compromised systems administrators accounts.
  • Logging & Audit – Detailed logging of all permitted and denied access requests to personal data.

Customers can use CipherPoint Eclipse products to secure personal data in SharePoint, SharePoint Online, OneDrive for Business, Office 365, and file servers. Visit our product pages to learn more about CipherPoint data security solutions for specific environments.