General Data Protection Regulation Compliance Solutions
In May 2018, all entities that processed personal data of persons residing in the European Union were required to comply with a set of rules on personal data consumption known as GDPR. As a unique crypto-technology that anchors data consumption within network boundaries, DAtAnchor serves as a backstop against inevitable breaches. This GDPR compliance solution allows users to consume data without giving them the ownership of it.
How DAtAnchor Helps You Become GDPR Compliant
DAtAnchor works seamlessly with existing solutions and communication platforms by adding complementing protection against inevitable human error. Businesses transfer and store an amazing amount of data each day, but some of that information needs further protection. DAtAnchor works by establishing unique access boundaries and only allowing established users who meet specific conditions access the sensitive data. This gives organizations full control over who gets access, where the information goes and what can be done with it.
Implementation requires the installation of a lightweight agent in the users’ devices. All other components of DAtAnchor can be implemented via the cloud and provided as a SaaS solution, making large-scale integration simple. Through the DAtAnchor Heartbeat and Anchor services, data is protected:
The Heartbeat Service
- Enables efficient and automated data governance by providing the client with secured gateways to access files in the cloud or database, supported by user logs with full visibility into data usage.
- By context-based, dynamic access control, it enables revocation of unauthorized data access, even post breach.
- Plaintext never leaves network boundaries. All data remains encrypted outside of defined contexts; therefore, unauthorized data transfer or exfiltration does not mean data loss.
The Anchor Service
- Achieves strong encryption through automated local key management
- Secures all kinds of data by anchoring the attacker inside the network
- Identifies unusual activity and throttles data access to limit data loss
What Is GDPR, Who Does It Affect & How Can Lack Of Compliance Impact an Organization?
GDPR provides additional legal digital privacy rights for individuals and extends the scope of responsibility for data controllers and processors. GDPR applies to all businesses, as long as they offer goods and services to data subjects in the EU, including any institution that has employees, customers or partners in the EU. It also increases fines up to 4% of an organization’s worldwide annual turnover in the previous year if they fail to reach compliance.
The Real World Importance of GDPR
Data breaches are increasingly more common occurrence suffered by large and mid-sized enterprises. Almost all breaches endured lead to a major data loss. As hackers become more sophisticated with their digital attacks and internal threats begin to rise, breaches are bound to happen; businesses need to be prepared to manage breaches and mitigate the associated data losses. Existing solutions are not robust enough to manage these risks, track, control and fully revoke unauthorized data access. As a result, most businesses fail to comply with new regulation (GDPR). DAtAnchor exists to help organizations of all sizes reach GDPR compliance and further protect themselves from external threats and loss.
DAtAnchor Provides Solutions to Many Aspects of GDPR Compliance, Including:
- Ownership of sensitive files can be revoked, even after a breach is committed. Businesses are able to prove a secure breach (i.e., lost data remains encrypted) and do not need to disclose breaches to data owners per GDPR (Article 34).
- Consumption of data is limited within predefined location contexts. Creation of such contexts enables secure gateways between electronic processing systems, making it possible for businesses to enable data portability (Article 20) over a secure and dynamically configurable infrastructure.
- Data access flow is controlled to force the attacker to remain within the network boundaries, rendering them vulnerable to detection. Fines associated with lost data are closely related to the volume of data lost (Article 83). DAtAnchor reduces this number by multiple orders of magnitude with its novel key unlocking throttling mechanism.
- Extensive user and data activity logs enable granular monitoring for audit purposes. This helps businesses meet the 72-hour deadline for full reporting and notification of a breach and offers access logs to be made available to authorities upon request (Article 33).