Compliance with the General Data Protection Regulation (GDPR) is required by 25 May 2018. Let Armor help your organization become ready!

Time is running short for organizations that process personal data to evidence their compliance with the GDPR.

Simply ignoring the GDPR and its compliance requirements just isn’t an option, especially when non-compliance could mean exposure to penalties and fines up to 4% of an organization’s global turnover or €20M, whichever is greater. It is essential for impacted organizations to partner with a cloud security provider capable of helping organizations comply with certain principles of the GDPR.

White Papers

‘But I Was Compliant’

No business should ever find themselves saying, “but I was compliant” after a data breach. Go beyond regulatory compliance for optimal cyber security.

What is GDPR?

The General Data Protection Regulation (GDPR) imposes strict obligations on organizations that collect, use, and protect personal data belonging to individuals in the EU, and is aimed at strengthening data security standards for those individuals. For example, the GDPR includes guidance on appropriate security standards and directly focuses on data security in Article 32: Security of Processing.

Article 32 requires organizations to “implement appropriate technical and organizational measures,” taking into consideration several factors with regard to the personal data. Specifically, Article 32 provides four security actions that might be considered appropriate for the risk of securing personal data:

  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • The pseudonymization and encryption of personal data
  • The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

Get ahead of GDPR compliance with Armor

  • Certified Compliant: We have the certifications to prove it: PCI DSS, HITRUST, ISO 27001, SSAE 16 SOC II and Privacy Shield Framework.
  • Built for Cloud Compliance: Our managed cloud security solutions were built to address risk-based compliance standards like GDPR and HIPAA.
  • GDPR Compliance Support: Our security team – from our analysts up to our CISO – provides 24/7/365 customized, hands-on support to help you overcome compliance challenges.

Which organizations are affected?

The GDPR is applicable to every organization that collects or processes data pertaining to EU citizens – regardless of where the organization is located.

What is the penalty for noncompliance?

The GDPR levies severe penalties (up to 4% of a company’s global turnover or €20M, whichever is higher) and supersedes all existing legislation.

WE’VE GOT YOU COVERED

Our built-in security capabilities address critical areas of GDPR compliance:

  • Intrusion Detection: detects malicious traffic that could result in data breaches
  • Vulnerability Scanning: reduces attack surface by identifying improper configurations and missing patches/updates
  • IP Reputation Management: effective first-line-of-defense in blocking IP addresses associated with threat actors
  • Web Application Firewall: provides effective detection and blocking of traffic associated with malicious application behavior such as cross-site scripting and SQL injection
  • File Integrity Monitoring: monitors unauthorized changes to critical files
  • O/S Patching: addresses O/S vulnerabilities
  • Malware Protection: protects systems from viruses and malware
  • O/S Log Management: records history of important O/S events for response and forensics investigations
  • Security Dashboard: facilitates documentation of security posture and incident communication
  • Incident Response: provides quick and prioritized response to incidents

Armor is approved to sell solutions through the G-Cloud 10 Digital Marketplace. UK public sector entities can receive PCI DSS-compliant managed security with enhanced threat intelligence, automated security orchestration and machine learning managed by an elite military-trained security operations center (SOC).

Learn more about our G-Cloud 10-approved security solutions in the G-Cloud 10 Digital Marketplace.

GDPR - the New Standard for Data Security

The GDPR introduces a new standard for data security with which organizations subject to the GDPR must comply. This new regulation requires that these organizations implement both organizational and technological measures to ensure the protection of this data, and is intended to protect the privacy of individuals located in the EU.

Learn more about the new data security standard and various requirements of the GDPR to understand the impact the GDPR may have on your organization.

Notification of Data Breaches

Once an organization subject to the GDPR becomes aware of a data breach of personal or sensitive personal data, it has a 72-hour window to notify the relevant supervisory authority of the breach. Additionally, it must notify data subjects individually of any personal data breach that has a high risk to their individual rights and freedoms.

Ability to Demonstrate Compliance

Organizations must understand the security requirements prescribed directly or indirectly by a data protection authority to demonstrate compliance. They must also align their environment and data with the secure cloud controls that meet these specific requirements.

Right to Data Portability

Data subjects have the right to data portability, which means they can request the personal data they have supplied to a controller in “a structured, commonly used and machine-readable format” to give it to another data controller.

Right of Access

Data subjects have the right to know if and when their data is transferred to a third country or an international organization, along with the safeguards in place to ensure ongoing protection of the data after transfer.

Right to Erasure (Right to be Forgotten)

A data subject has the right to request the erasure of his or her personal data held by a data controller, subject to certain conditions. This requires that organizations have a very clear legal understanding of why they are processing data, the appropriate legal bases, and when required, a technological ability to erase all affected data promptly.

Security of Processing

Data controllers are required to implement technical and organizational measures to ensure an appropriate level of security is in place for processing activities. These activities include, but are not limited to, pseudonymization, encryption and regular testing of organizational and technical measures.

Transfers of Personal Data to Third Countries or International Organizations

The GDPR outlines specific requirements governing when and where personal data can be transferred to third countries or international organizations.

Legal Disclaimer: The information provided on this website is for informational purposes only. The information is not intended to constitute legal advice and should not be relied upon in lieu of consulting with appropriate legal advisors in your own jurisdiction.