GDPR | Fortanix

Overview

The General Data Protection Regulation (GDPR) is considered one of the most stringent privacy and security laws in the world. The regulation came into effect on May 25, 2018. It was drafted by the European Union (EU).

The GDPR applies to any organization even if they are not present in the EU if they process personal data of EU citizens or residents or offer products and services in the region.

Fines for violating the GDPR are very high. With two tiers of penalties, which max out at €20 million or 4% of global revenue (whichever is higher), and an option for data subjects to seek compensation for damages.

In today’s data-centric world that is marred by constant data breaches and personalization of the web, individuals have been left wondering how their data is used and misused. GDPR can be best thought of as a legal framework to enforce effective, and practical data protection for personal data.

WhatWe Do?

Encryption and Tokenization

Fortanix helps enterprises secure their sensitive data and achieve privacy compliance with a cloud-based integrated solution for Tokenization, Key Management and Encryption.

Quorum approval and Geo-fencing for keys

Fortanix Key Management Service supports quorum approval for multi-signature. Organizations can adopt policies based on the location of data with per key geo-fencing for compliance with GDPR.

Centralized tamper proof audit

Fortanix Key Management Service logs every action performed by data processors and the data controller into a centralized audit log. Integrate a data access audit trail to a corporate SIEM or similar platforms.

Featured Resource

Whitepaper: Understanding GDPR beyond buzzwords and 4 practical steps to meet compliance.

Read the whitepaper

How Fortanix can help you meet GDPR compliance

Secure encryption keys inside FIPS Level 3 HSM appliance

Data can be encrypted anywhere, with the keys secured inside a FIPS Level 3 appliance which is always under control of the data processor, with RBAC controls, crypto policies, etc.

Fine-grained access controls for users and data

Only the authorized processor gets access to the required data and only for the duration for which a business case exists as required by GDPR.

Data Protection at-rest

Fortanix offers various products to help secure your data at-rest by enabling solutions such as Transparent Data Encryption for various databases, Cloud Key Management for server-side encryption for cloud native databases, in-flight transparent encryption to enable client-side encryption for clouds and SaaS along with hardened FIPS 140-2 Level 3 compliant key management.

Reduce scope of sensitive data and adopt privacy by design.

Certain kinds of personal data should be tokenized or anonymized for better privacy. Fortanix offers these features built in. Fortanix also offers data masking which allows organizations to mask sensitive data before they are processed, greatly reducing GDPR compliance surface.

With more countries introducing modern privacy laws in the same vein as the General Data Protection Regulation (GDPR), the world has reached a threshold where the European baseline for handling personal information is now the de facto global standard. quote-right

Nader Henein
Research Vice President,
Gartner
Gartner Press Release, September 2020.