The GDPR compliance deadline is set for May 25, 2018. Are you ready?

Time is running short for organizations holding EU citizens’ PII to ensure they’re GDPR-compliant – even if they’re not physically located in the EU.

Ignoring GDPR compliance isn’t an option, especially when non-compliant organizations could face fines of up to 4% of their global turnover or €20M, whichever is higher. It’s essential to partner with a cloud security provider capable of guiding you through the complexity of GDPR.

Get ahead of GDPR compliance with Armor.

  • Certified Compliant: Security that delivers. And, we have the certifications to prove it: PCI DSS, HITRUST, ISO 27001, SSAE 16 SOC II and Privacy Shield Framework.
  • Built for Cloud Compliance: Our managed cloud security solutions were built to address risk-based compliance standards like GDPR and HIPAA.
  • GDPR Compliance Support: Our security team – from our analysts up to our CISO – provides 24/7/365 customized, hands-on support to help you overcome any compliance challenge.

The clock is ticking for GDPR compliance. Get ready for this new era of EU-based data security with managed cloud services and compliance expertise from The First Totally Secure Cloud Company™.

White Papers

‘But I Was Compliant’

No business should ever find itself saying, “but I was compliant” after a data breach. Go beyond regulatory compliance for optimal cyber security.

We’ve Got You Covered

Our built-in security capabilities address critical areas of GDPR compliance:

  • Intrusion Detection: detects malicious traffic that could result in data breaches
  • Vulnerability Scanning: reduces attack surface by identifying improper configurations and missing patches/updates
  • IP Reputation Management: effective first-line-of-defense in blocking IP addresses associated with threat actors
  • Web Application Firewall: provides effective detection and blocking of traffic associated with malicious application behavior such as cross-site scripting and SQL injection
  • File Integrity Monitoring: monitors critical files for unauthorized changes
  • O/S Patching: addresses O/S vulnerabilities
  • Malware Protection: protects systems from viruses and malware
  • O/S Log Management: records history of important O/S events for response and forensics investigations
  • Security Dashboard: facilitates documentation of security posture and incident communication
  • Incident Response: provides quick and prioritized response to incidents

What is GDPR?

The General Data Protection Regulation (GDPR) is a set of mandated activities aimed at strengthening data protection for EU citizens. In regard to data protection, GDPR includes a specific article for data security – Article 32: Security of Processing.

Article 32 is risk-based, like HIPAA. As a result, in lieu of prescriptive security controls, Article 32 provides four broad-level, proactive requirements for organizations processing EU citizen PII.

Article 32 requirements:

  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • The pseudonymization and encryption of personal data
  • The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

Which organizations are affected?

The GDPR is applicable to every organization that collects or processes data pertaining to EU citizens – regardless of where the organization is located.

What is the penalty for noncompliance?

GDPR levies severe penalties (up to 4% of a company’s global turnover or €20M, whichever is higher) and supersedes all existing legislation.

GDPR Requirements

GDPR introduces a set of core requirements for organizations controlling or processing personal data for EU residents. These regulations are intended to protect the rights of EU citizens with respect to their personal data. GDPR compliance requires both organizational and technological measures.

Learn more about the specific requirements of GDPR and what they mean for your organization.

Notification of Data Breaches

Once an organization becomes aware of a breach of personal or sensitive personal data, it has a 72-hour window to notify the relevant supervisory authority of the breach. Additionally, it must individually notify data subjects of any breach that presents a high risk to their individual rights and freedoms.

Ability to Demonstrate Compliance

Organizations must understand the security requirements prescribed directly or indirectly by the regulating party to demonstrate compliance. They must also align their environment and data with the secure cloud controls that meet these specific requirements.

Right to Data Portability

Data subjects have the right to data portability, which means they can request the personal data they have supplied to a controller. Data must be delivered in “a structured, commonly used and machine-readable format” so that the personal data can be transferred to another data controller.

Right of Access

Data subjects have the right to know if and when their data is transferred to a third country or an international organization. Safeguards are required to ensure ongoing protection of the data after transfer.

Right to Erasure (Right to be Forgotten)

A data subject has the right to request the erasure of personal data held by a data controller, subject to certain conditions. This action requires that organizations establish a clear legal understanding of why they are processing data, the appropriate legal basis, and when required, a technological ability to erase all affected data promptly.

Security of Processing

Data controllers are required to implement technical and organizational measures to ensure an appropriate level of security is in place for processing activities. These measures include, but are not limited to, pseudonymization, encryption and regular testing of organizational and technical measures.

Transfers of Personal Data to Third Countries or International Organizations

The GDPR outlines specific requirements governing when and where personal data can be transferred to third countries or international organizations.