A New Era in Data Protection

Europe's new General Data Protection Regulation (GDPR) introduces new protections for individuals and new obligations for companies that collect, use, or process EU citizens' personal information. Given the heavy fines that can result from violations, GDPR compliance should be a top priority for every organization that does business in Europe.

Unlike previous European data protection laws, the GDPR applies to any company that collects or processes the personal information of EU citizens, even if the company is headquartered outside the EU.

The law includes significant new mandates for data controllers (companies that collect personal information on EU citizens) and data processors (companies that store, transmit, or process data on behalf of data controllers):

  • Companies must obtain active consent before collecting or processing personal data
  • Individuals can request that their personal information be deleted from a company’s database, and can request copies of their data in a portable format
  • Companies must notify authorities and affected individuals within 72 hours of a data breach, unless the compromised data is protected by encryption or similar measures
  • Each company must appoint a Data Protection Officer to oversee GDPR compliance
  • Companies must build data protection into their products and services “by design and by default”

Supervisory authorities have the power to fine organizations as much as 4% of their annual top-line revenue for violations, and may impose heavier auditing and reporting obligations after a violation.

Meet GDPR Requirements with PKWARE

PKWARE’s automated data security solutions can help businesses and government entities secure sensitive data and meet the GDPR's demanding standards for data protection. PKWARE combines data discovery, classification, and protection into a single workflow, enabling organization-wide control over personal information and other forms of sensitive data.

Unlike other encryption solutions, PKWARE encrypts sensitive data the moment it is created or saved. Once encryption is applied, it stays with the data even when it is copied or moved to other user devices, file servers, or external systems. Organizations can also use PKWARE to move, quarantine, redact, or delete sensitive data based on their compliance obligations and security policies.

Data Protection by Design

PKWARE provides strong encryption, along with innovative data discovery functionality that identifies and protects data on user devices and network storage locations. Organizations can use PKWARE technology to secure their sensitive data and demonstrate compliance with GDPR mandates.

GDPR Requirement Standard
Article 17

Right to be forgotten

Upon request from an EU citizen, a data controller “shall have the obligation to erase personal data without undue delay” unless certain special conditions apply.

Organizations are also obligated to request removal of the data subject's information from any business partners they have shared the data with.

Article 25

Data protection by design and by default

Organizations must “adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.”

These principles should be considered when “developing, designing, selecting and using applications, services and products.”

Article 32

Security of data processing

Organizations must be able to demonstrate they have taken “appropriate technical and organisational measures to ensure a level of security appropriate to the risk,” including encryption of personal data.

Article 34

Data breach notifications

Organizations must notify supervisory authorities and affected individuals within 72 hours of a data breach. However, organizations are exempt from the requirement to notify individuals if the stolen data is protected with encryption.

Implementing PKWARE

PKWARE is designed for maximum flexibility, allowing organizations to implement solutions that meet their unique data protection requirements.

PKWARE endpoint agents are installed on each device that will be used to access or store sensitive information. Agents monitor file activity and detect sensitive data as soon as it is created or saved. After detecting sensitive information, PKWARE takes action (which can include tagging, encryption, deletion, or other options) based on the organization's security policies.

PKWARE's web-based management console lets administrators create and apply encryption policies across the entire organization. In addition, PKWARE's software development kit lets organizations build strong encryption into their proprietary applications with only a few new lines of code. Organizations can also use PKWARE transparent data encryption to provide strong encryption for data at rest.

Unlike solutions that increase file sizes after encryption, PKWARE solutions include our industry-best compression technology to reduce data volumes before encryption, resulting in lower costs for data storage and transmission.