What’s GDPR and Why You Should Care?
The European Union’s General Data Privacy Protection regulation institutes wide-sweeping changes to data privacy for any business collecting and processing data on EU citizens, residents, and visitors. It gives data subjects greater rights and control over their personal information and requires that businesses meet stringent data privacy protection measures as outlined in the GDPR.
The GDPR goes into effect May 25, 2018 and businesses found in non-compliance face a fine of up to €20 million or 4 percent of annual revenue, whichever is greater. If you have not yet begun your GDPR compliance process, Imperva can help you meet key security requirements.
The GDPR is complex. Imperva cuts to the chase.
Imperva provides a comprehensive solution that allows you to accelerate compliance with multiple GDPR data security requirements.
Data discovery and classification
The GDPR requires organizations to create and maintain a detailed inventory of personal data, and then classify that data. Imperva helps you to understand where databases are located and what type of information they hold; find unknown databases by automatically scanning enterprise networks; create and maintain a detailed, real-time inventory of data scattered across your organization; and enable automated, scheduled scans and holistic identification of sensitive data.
Pseudonymizing personal data
Under the GDPR, you are required to practice data minimization, which means the data you collect and use is limited to only what is necessary for a specific purpose. Imperva Camouflage helps you fulfill the GDPR pseudonymization requirement through data masking; eliminates risk of sensitive data loss by replacing real data with realistic fictional data; and limits the spread of personal data beyond “need-to-know.”
Breach detection and incident response
Imperva SecureSphere monitors data access and identifies suspicious events; documents the detailed what/where/when of incident findings; and leverages advanced machine learning to prioritize truly worrisome incidents. On-demand reporting ensures you can provide information within the required GDPR reporting deadlines. To keep you fully covered, Imperva CounterBreach applies the same robust security against internal threats to data, and alerts to abnormal user access.
Security of processing
The GDPR mandates that those handling data need to introduce appropriate technical and organizational measures to secure the data. Imperva identifies security holes in your databases and assesses vulnerability; tracks and manages vulnerabilities and prioritizes remediation efforts; audits sensitive data by monitoring who is accessing what data in real time; and prevents data theft from external attacks and insider threats by monitoring data access activity.
Enforcing cross-border data transfer policies
Don’t move that data. You cannot transfer data beyond the EU/EEA unless you meet certain data protection requirements. Imperva SecureSphere controls the use and transport of data with ongoing data discovery and classification, and policies that inspect database traffic and alert to potential violations. SecureSphere uses sophisticated analysis of IP addresses, LDAP, and other metadata to pinpoint query origin, and blocks transactions or user connections when unauthorized access occurs. It helps you enforce requirements outlined on model contracts or Binding Corporate Rules.
Why choose Imperva for GDPR compliance?
"I personally would recommend Imperva... It brings world-class support, best-of-breed technology, and truly a solution that I think is cutting edge to a high-risk environment."
Ross Bobenmoyer, VP of Information Security, Republic Bank