See how you can maintain an inventory of regulated data and provide regulators proof of 24/7 data monitoring, fulfillment of right-to-be-forgotten requests at endpoints, and policy enforcement.
Provide evidence to auditors of steps taken to secure the confidentiality of customer information collected and protect it against threats and unauthorized access.
The General Data Protection Regulation (GDPR) is considered the world’s strongest set of data protection regulations. It unifies data privacy laws across EU member countries, and signals Europe’s firm stance on data privacy. GDPR was adopted by both the European Parliament and European Council in April 2016 and became enforceable as of May 2018.
The Regulation is far-reaching, covering every aspect of data usage, including collection, storage, retrieval, alteration, and destruction. It also creates personal liability for “controllers” and “processors” and establishes clear rights for consumers to take action if information is being abused.
Following Brexit, the rules no longer apply to data being collected on UK-based consumers. Personal data collected on residents of the UK are now subject to the 2018 Data Protection Act. However, in practice, the same core data protection principles, rights and obligations of GDPR still exist.
The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that collect data from, advertise to, or serve residents of the EU, as well as businesses that process data in the EU.
For the GDPR to be applicable, businesses do not need to have European customers or be actively targeting European customers. An intention to offer goods and services (such as worldwide shipping, even without explicitly mentioning the EU) necessitates compliance with the GDPR, even without any economic activity.
The GDPR’s jurisdiction does not apply to businesses where the data controller is:
The GDPR defines personal data as:
“An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Although a full list is not provided, under the definition above, personal data is any information that relates to an individual who can be directly or indirectly identified. This includes: name, email address, financial data, location information, ethnicity, gender, biometric data, religious beliefs, web cookies, political opinions – and any other personally identifiable data.
The in-depth guidelines for meeting GDPR compliance are organized around the following 7 principles:
Among other rules, the GDPR stipulates that businesses must:
Under the GDPR, “data subjects” have the following privacy rights:
In Article 83 of the GDPR, the EU outlines the infractions and administrative fines that are a part of the GDPR. Each country has its own independent Data Collection Authorities who use the criteria to determine the fine associated with an infraction.
The GDPR splits the infractions into two tiers, each with its own fine limitations:
Experience the data security platform that scans data elements and cross-references user behavior to help you nail compliance and identify sensitive data risk.
Qohash’s Qostodian platform finds, inventories, and continuously monitors individual data elements across workstations, attached and shared drives, and Microsoft 365 cloud apps.
Monitor employee interactions with sensitive data 24/7, with a modern, intuitive SaaS data security platform, offered for a one-time predictable fee.