General Data Protection Regulation (GDPR)
Strengthening organizations' security postures while helping them avoid financial penalties
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of people in the EU - regardless of where the organization is headquartered.
Entrust and our technology partners can help you comply with the critical GDPR rules in Articles 5, 32 and 34 related to:
- The pseudonymisation and encryption of personal data;
- The unauthorized access to personal data.
Regulation
GDPR Overview
The General Data Protection Regulation is here. The GDPR is designed to improve personal data protections and increase organizational accountability for data breaches. With potential fines of up to four percent of global revenues or 20 million EUR (whichever is higher), the regulation certainly has teeth. No matter where your organization is located, if it processes or controls the personal data of EU residents, you need to be compliant.
Specific Requirements
Some of the key provisions of the GDPR require organizations to:
- Process personal data in a manner that ensures its security, “including protection against unauthorized or unlawful processing” (Article 5)
- Implement technical and organizational measures to ensure data security appropriate to the level of risk, including “pseudonymisation and encryption of personal data.” (Article 32)
- Communicate “without undue delay” personal data breaches to the subjects of such breaches “when the breach is likely to result in a high risk to the rights and freedoms” of these individuals. (Article 34)
- Safeguard against the “unauthorized disclosure of, or access to, personal data.” (Article 32)
Compliance
Strong Data Encryption and Key Protection
Entrust and our data encryption technology partners help you ensure that encrypted personal data remains unreadable, as defined by GDPR, by protecting encryption keys with FIPS-certified Entrust nShield™ HSMs.
Database Encryption Key Protection
Personal data housed in databases is attractive to attackers seeking to steal identities, payment credentials and more. Keep this information secure by protecting encryption keys with Entrust nShield HSMs.
Authorized User Controls
Establish a secure and scalable PKI that helps ensure that only authorized users and devices have access to sensitive data. Using Entrust nShield HSMs to help secure the process of issuing certificates and proactively manage private keys creates a high-assurance foundation for digital security.
Resources
Brochures: Entrust nShield HSM Family Brochure
Entrust nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, Entrust nShield HSMs support a variety of deployment scenarios.
FAQ: What is GDPR?