General Data Protection Regulation (GDPR) Compliance

Thales enables compliance with key provisions of the GDPR, strengthening organizations' security postures while helping them avoid financial penalties. (#FITforGDPR)
General Data Protection Regulation (GDPR)

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens -- regardless of where the organization is headquartered.

Thales can help you comply with the critical Article 5, 32 and 34 GDPR rules related to:

  1. The unauthorized access to personal data
  2. The pseudonymisation and encryption of personal data
  3. Assessing the effectiveness of your security measures

Regulation Overview

The General Data Protection Regulation is here. The GDPR is designed to improve personal data protections and increase organizational accountability for data breaches. With potential fines of up to four percent of global revenues or 20 million EUR (whichever is higher), the regulation certainly has teeth. No matter where your organization is located, if it processes or controls the personal data of EU residents, you need to be ready.
Specific Requirements

Some of the key provisions of the GDPR require organizations to:

  1. Process personal data in a manner that ensures its security, “including protection against unauthorised or unlawful processing” (Article 5)
  2. Implement technical and organizational measures to ensure data security appropriate to the level of risk, including “pseudonymisation & encryption of personal data." (Article 32)
  3. Have in place "a process for regularly testing, assessing and evaluating the effectiveness of technical & organizational measures for ensuring the security of the processing."
  4. Communicate “without undue delay” personal data breaches to the subjects of such breaches "when the breach is likely to result in a high risk to the rights and freedoms" of these individuals. (Article 34)
  5. Safeguard against the "unauthorized disclosure of, or access to, personal data." (Article 32)

Compliance

Data discovery and classification

The first step in protecting sensitive data is finding the data wherever it is in the organization, classifying it as sensitive, and typing it (e.g. PII, financial, IP, HHI, customer-confidential, etc.), so you can apply the most appropriate data protection techniques. It is also important to monitor and assess data regularly to ensure new data isn’t overlooked and your organization does not fall out of compliance.

Thales’ CipherTrust Data Discovery and Classification efficiently identifies structured as well as unstructured sensitive data on-premises and in the cloud. Supporting both agentless and agent-based deployment models, the solution provides built-in templates that enable rapid identification of regulated data, highlight security risks, and help you uncover compliance gaps. A streamlined workflow exposes security blind spots and reduces remediation time. Detailed reporting supports compliance programs and facilitates executive communication.

Strong access management and authentication

Thales Access Management and Authentication solutions provide both the security mechanisms and reporting capabilities organizations need to comply with data security regulations. Our solutions protect sensitive data by enforcing the appropriate access controls when users log into applications that store sensitive data. By supporting a broad range of authentication methods and policy driven role-based access, our solutions help enterprises mitigate the risk of data breach due to compromised or stolen credentials or through insider credential abuse.

Support for smart single sign on and step-up authentication allows organizations to optimize convenience for end users, ensuring they only need to authenticate when needed. Extensive reporting allows businesses to produce a detailed audit trail of all access and authentication events, so they can prove compliance with a broad range of regulations.

Protection of sensitive data at rest

The CipherTrust Data Security Platform is an integrated suite of data-centric security products and solutions that unify data discovery, protection, control, and access monitoring in one platform.

  1. Discover: An organization must be able to discover data wherever it resides and classify it. This data can be in many forms: files, databases, and big data, and it can rest across storage on premises, in clouds, and across back-ups. Data security and compliance starts with finding exposed sensitive data before hackers and auditors. The CipherTrust Data Security Platform enables organizations to get complete visibility into sensitive data on-premises and in the cloud with efficient data discovery, classification, and risk analysis.
  2. Protect: Once an organization knows where its sensitive data is, protective measures such as encryption or tokenization can be applied. For encryption and tokenization to successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organization. The CipherTrust Data Security Platform provides comprehensive data security capabilities, including file-level encryption with access controls, application-layer encryption, database encryption, static data masking, vaultless tokenization with policy-based dynamic data masking, and vaulted tokenization to support a wide range of data protection use cases.
  3. Control: The organization needs to control access to its data and centralize key management. Every data security regulation and mandate requires organizations to be able to monitor, detect, control, and report on authorized and unauthorized access to data and encryption keys. The CipherTrust Data Security Platform delivers robust enterprise key management across multiple cloud service providers (CSP) and hybrid cloud environments to centrally manage encryption keys and configure security policies so organizations can control and protect sensitive data in the cloud, on-premise and across hybrid environments.
  4. Monitor: Finally, the enterprise needs to monitor access to sensitive data to identify ongoing or recent attacks from malicious insiders, privileged users, APTs, and other cyberthreats. CipherTrust Security Intelligence logs and reports streamline compliance reporting and speed threat detection using leading Security Information and Event Management (SIEM) systems. The solution allows immediate automated escalation and response to unauthorized access attempts and provides all the data needed to build behavioral patterns required to identify suspicious usage by authorized users.
Protection of sensitive data in motion

Thales High Speed Encryptors (HSEs) provide network independent data-in-motion encryption (Layers 2, 3, and 4) ensuring data is secure as it moves from site-to-site, or from on-premises to the cloud and back. Our HSE solutions allow customers to better protect data, video, voice, and metadata from eavesdropping, surveillance, and overt and covert interception—all at an affordable cost and without performance compromise.

Protection of cryptographic keys

Luna HSMs from Thales provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption, and more. Available in three FIPS 140-2 certified form factors, Luna HSMs support a variety of deployment scenarios.

In addition, Luna HSMs:

  1. Generate and protect root and certificate authority (CA) keys, providing support for PKIs across a variety of use cases
  2. Sign your application code so you can ensure that your software remains secure, unaltered, and authentic
  3. Create digital certificates for credentialing and authenticating proprietary electronic devices for IoT applications and other network deployments

Related products

Luna General Purpose HSM

Versatile and compact, entry-level 10 Mbps-1 Gbps network encryptors provide security without comprising network performance.
Provides optical Ethernet interface encryption in a versatile, compact platform for a range of Fibre to the x (FTTx) configurations up to 1 Gbps.

CipherTrust Data Security Platform

Addressing the security and performance demands of the largest, most performance-intensive environments, including those of enterprises, government agencies, and cloud service providers, the CN6000 Series encryptors offer variable-speed licenses up to 10 Gbps.

High Speed Encryption

Delivering 100,000,000,000 bits per second of high-assurance and ultra-low latency, the CN9000 Series provides mega data security (100 Gbps) and high speed network performance with the lowest latency in the industry (<2µs).
100 Gbps encryptor provides security without compromise for big, or even mega data transmitted over networks across data centers and the cloud.

OneWelcome Identity & Access Management

Addressing the security and performance demands of the largest, most performance-intensive environments, including those of enterprises, government agencies, and cloud service providers, the CN6000 Series encryptors offer variable-speed licenses up to 10 Gbps.

/ Try It now

Wherever your data resides we can help you own your data

Get a Demo
Products
Payment HSMGeneral Purposed HSMData SecuritySecure File SharingNetwork Encryption
Services
ConsultingSupport & MaintenanceDeployment & InstallationRenew & WarrantyTraining & TransformationHardware Replacement
Company
About usNews & EventsCustomersCareers
Resources
BlogsCase StudiesDocuments
Follow Us on
Copyright © 2024 HPID. All rights reserved
DisclaimerSitemapTerms & ConditionsPrivacy Policy