General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) – Not Just Any Law

The GDPR isn’t just any regulation. GDPR will be the strictest compliance regulation to date. Controllers or processors found in violation of GDPR could be fined up to 20M euros or 4% of their worldwide revenue-whichever is greater. With tighter controls and significantly higher penalties, the new compliance law is poised to enforce the protection of European citizens’ private data like never before-forever impacting the way EU and U.S. organizations handle their data.

The Challenge

The changes that GDPR requires will take considerable time and budget to develop and implement, so organizations need to start the process of upgrading their personal data security processes now. It’s estimated that achieving full compliance will take anywhere from several months to well over a year depending on an organization’s size, complexity, and current privacy maturity level.

Being prepared to comply with GDPR will likely require significant changes to organizations’ policies as well as investments in new security and privacy tools, frameworks, technologies, and personnel.

With a compliance deadline right around the corner, organizations need to get started today, if they have not already.

GDPR – Getting Started

Preparing for GDPR involves creating, reconfiguring, and beefing up many aspects of organizations’ current data security and compliance programs. While many of these areas will overlap for GDPR and other compliance regulations, GDPR compliance requires organizations to pay particular attention to three new GDPR requirements as outlined below:

HyTrust Accelerates GDPR Compliance

HyTrust has already begun helping organizations to prepare for the looming radical changes to the compliance landscape with data security best practices and solutions that mitigate risks of a breach in any environment, including private, public hybrid and multi-cloud platforms.

HyTrust GDPR Lifecycle Solutions

HyTrust has architected a state-of-the-art lifecycle approach that automates the protection of virtual machines and data so GDPR conformance can more easily be achieved while retaining the agility and IT cost savings benefits of a virtualized cloud infrastructure.

HyTrust solutions supported by our Cloud Security Policy Framework (CloudSPF) looks holistically at the GDPR lifecycle process and provides capabilities that address each phase of that lifecycle from helping organizations understand where their GDPR sensitive data is located, who is accessing the data and when — to encrypting data-at-rest across any cloud platform and allowing organizations to own and manage their own encryption keys on premises with no impact to performance or business operations.

With our flexible logical boundary enforcement capabilities, we also enable organizations to allow GDPR sensitive workloads and the data inside those workloads to only run and be decrypted on trusted hardware in specific locations.  Leveraging these capabilities will make organizations much better prepared to respond to the most significant and strictest data privacy compliance mandates to date.