Address regulatory compliance requirements with data protection
How are you ensuring compliance?
Since 25 May 2018, GDPR has been in effect. Every company that processes personal data of European residents is affected – no matter where the company is based.
Noncompliance and mismanagement of data breaches can result in steep fines of up to 4% of global annual revenue or 20 million EUR, whichever is higher.
Is your organization ready? If you're not sure, here are 6 tips to stay out of the GDPR auditor's crosshairs.
Turn GDPR Risk into Opportunity
The key to developing a balanced GDPR strategy is recognizing where GDPR risks can be turned into opportunities. This will allow your organization to make a realistic risk analysis, leverage the opportunities GDPR affords, and determine your organization's level of GDPR readiness.
Wondering Where to Start?
Learn how to Leverage PCI Compliance as a Foundation for GDPR
Whether your organization is already PCI compliant or moving in that direction, the technologies and processes required for PCI compliance can be used as a framework for GDPR compliance.
Address These Key GDPR Requirements:
Processing of personal data (articles 5 & 6)
Organizations have to ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing.
Organizations have to ensure the existence of appropriate safeguards, which may include encryption or pseudonymisation (tokenization).
Data protection by design and by default (article 25)
Companies are required to implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles.
Security of processing (article 32)
Companies are required to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including pseudonymisation and encryption of personal data.
Communication of a personal data breach to the data subject (article 34)
If a breach results in the exposure of unprotected data, organizations will have to communicate the data breach to the affected data subjects. However, if the affected data was protected with appropriate measures that render it unintelligible to unauthorized parties, such as tokenization or encryption, this communication to the data subjects will not be required.
The ideal solution for GDPR compliant data protection
GDPR requires that sensitive data be protected while in motion or at rest and that applicable breaches be reported within 72 hours of discovery.
Data-centric security protects the data itself so that it's always safe, no matter if you move it, use it, leave it, or lose it.
GDPR Compliance Success Story:
Mercury Processing Services International
MPSI chose data-centric security to fulfill key GDPR and PCI requirements.
“We were very satisfied with comforte’s readiness to handle whatever requests we had, wherever and however they arose. Their dedication and diligence were essential to this project’s success.”
Any organization involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standard (PCI DSS). Compliance must be validated periodically. Failure to comply can result in fines or the termination of the ability to process card payments.
comforte data protection addresses one of the most important PCI requirements:
“Render PAN (Primary Account Number) data unreadable anywhere it is stored.” (PCI DSS requirement 3.4)
Reduce Your Scope
comforte’s vaultless tokenization completely replaces PAN data in your environment and stores tokens in your database instead.
As you no longer store PAN data on your systems, you reduce your PCI scope and corresponding compliance cost.
What is Good for You is Good for Your Customers & Partners
Extend PCI scope reduction with data protection that goes beyond corporate boundaries:
By exchanging tokenized data instead of PANs, organizations can help their partners and customers to reduce PCI scope.
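The following is an added, self-contained illustration of the idea behind the scope-reduction and partner-exchange sections above (and the pseudonymisation requirements listed under articles 25 and 32): a format-preserving token replaces the PAN, the application persists and exchanges only the token, and only a holder of the key can recover the PAN. This is example code written for this page, not comforte's product or its tokenization algorithm. It uses a simplified keyed digit-shift derived from HMAC-SHA256 (a constructed stand-in for a standardized format-preserving encryption mode such as NIST FF1), a constructed demo key, and constructed test PANs; the function names `tokenize`, `detokenize` and `protect_record` are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key. A real deployment would keep the key in an HSM or KMS
# and never hard-code it; this value exists only so the example runs offline.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digit_stream(key: bytes, tweak: bytes, n: int) -> list:
    """Derive n keyed digits (0-9) from HMAC-SHA256(key, tweak || counter).

    Rejection sampling (bytes >= 250 are discarded) keeps the digits unbiased.
    """
    digits = []
    counter = 0
    while len(digits) < n:
        block = hmac.new(key, tweak + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for b in block:
            if len(digits) == n:
                break
            if b < 250:
                digits.append(b % 10)
        counter += 1
    return digits


def _split(pan: str):
    """Split a PAN into the parts left in clear (BIN, last four) and the middle digits."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19):
        raise ValueError("PAN must be 13-19 digits")
    return pan[:6], pan[6:-4], pan[-4:]


def tokenize(pan: str, key: bytes = DEMO_KEY) -> str:
    """Replace the middle digits of a Luhn-valid PAN with keyed digits, preserving format."""
    if not luhn_valid(pan):
        raise ValueError("not a valid PAN (Luhn check failed)")
    head, middle, tail = _split(pan)
    stream = _digit_stream(key, (head + tail).encode(), len(middle))
    new_middle = "".join(str((int(d) + k) % 10) for d, k in zip(middle, stream))
    return head + new_middle + tail


def detokenize(token: str, key: bytes = DEMO_KEY) -> str:
    """Recover the PAN from a token; only callers holding the key can do this."""
    head, middle, tail = _split(token)
    stream = _digit_stream(key, (head + tail).encode(), len(middle))
    orig_middle = "".join(str((int(d) - k) % 10) for d, k in zip(middle, stream))
    return head + orig_middle + tail


def protect_record(customer_id: str, pan: str) -> dict:
    """Build the record an application persists or shares: token and last four, never the PAN."""
    return {"customer_id": customer_id, "pan_token": tokenize(pan), "last4": pan[-4:]}


if __name__ == "__main__":
    pan = "4111111111111111"  # constructed test PAN (Luhn-valid)
    record = protect_record("cust-0001", pan)
    print(record)                      # only the token and last four reach the database
    assert detokenize(record["pan_token"]) == pan
```

Two caveats matter in practice. First, because the shift here depends only on the BIN and last four, two PANs sharing both receive the same per-position offsets; a production system would use a vetted format-preserving mode rather than this simplification. Second, a token is indistinguishable from a PAN by format alone, so a regex-based data-discovery scan cannot tell protected from unprotected stores; scope reduction has to be demonstrated by where the key lives and which systems can call `detokenize`, not by what the stored digits look like.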