What is GDPR?
The General Data Protection Regulation (GDPR) imposes new rules that significantly change the data privacy landscape in the European Union (EU).
The new law, which takes effect on May 25, 2018, affects all organizations that offer goods and services or collect and analyze data tied to EU residents, regardless of the organization’s location.
The goal of GDPR is to strengthen and unify data protection by clearly defining the responsibilities of data controllers and data processors.
Preparing for GDPR
One challenge posed by GDPR is understanding your responsibilities as a data controller. Another is understanding what data falls under the regulation, where it lives, and your specific obligations in relation to its protection. Because most critical business processes are digital, there can be an abundance of information and data flows that you must now understand and account for to remain compliant.
Breaking down GDPR into a few core concepts can help you understand your organization’s data footprint and compliance posture:
Define what information across your business is classified as personal data, and fully understand how that data is stored and processed across your suppliers, partners, and third-party vendors. This process will reveal your data footprint.
Data Security and Control
Once you know your data footprint, identify the security controls needed to protect this information and minimize risk. This process accounts for data stored internally, as well as an audit of controls used by suppliers, partners, and vendors.
Data Retention and Deletion
Understand how long you need to retain data under GDPR. Many industries are subject to regulations that map out specific time frames, while others may need to define retention requirements based on internal factors.
Zscaler as a GDPR partner for your compliance efforts
As a security-as-a-service provider, data privacy and security are core to Zscaler’s business and something Zscaler takes very seriously. We are committed to helping you successfully comply with GDPR requirements through a strong partnership between Zscaler (data processor) and your organization (data controller).
Zscaler ensures confidentiality and availability by storing only a limited amount of personal data, such as IP addresses, URLs, and user IDs, and does not process or store any special categories of “sensitive” data. The Zscaler cloud platform has been architected to do all inspection in memory; transactional content is never stored or written to disk.
Since Zscaler operates a multi-tenant cloud, it has certified to the ISO 27001 framework in order to maintain consistent and robust security controls. Zscaler encrypts all traffic communication within its cloud, and implements strict security controls such as antivirus, firewalls, vulnerability scanning, penetration testing, and security code peer reviews.
Zscaler teams have thoroughly analyzed GDPR to ensure that our services and agreements align with the new regulations, and we are committed to assisting you in your compliance efforts as well. We have developed a tool for customers to better understand what exactly they need to do to comply with the GDPR as the data controller, and what they can expect from Zscaler as the data processor. View the chart here (PDF).
How the Zscaler Architecture enables your GDPR compliance efforts
Built from the ground up as a true multi-tenant cloud platform, the Zscaler architecture delivers the highest standards of data security. There are several design factors that make the Zscaler cloud unique.
Transactional data is stored only in memory and never written to disk. Customers can choose to have logs written to disk in a physical location that complies with regional regulations.
Zscaler Nanolog technology is designed to index, compress, and tokenize customer transaction logs, which, on their own, are meaningless. Only a customer with a full log history and access to the Zscaler Central Authority can assemble meaningful personal data within the Zscaler interface.
Full SSL inspection
Native SSL inspection is built into the Zscaler platform. With unlimited capacity to scale SSL inspection as traffic grows, you can deliver unmatched security controls and visibility to personal data across all of your organization’s encrypted communications.
Read how Zscaler handles customer data and delivers compliance for GDPR: Read the GDPR Statement
Understand where to start with GDPR and what key aspects you need to track in order to achieve and maintain compliance: Read the Webcast
Read why GDPR is an opportunity for greater data hygiene: Read the Blog