It’s finally May. We’ve all been counting down the months and weeks before the May 25th deadline hits. A lot of companies have been in a scramble over GDPR, trying to figure out what they need to know, what they need to change, and how big of a project this is. For our customers, the change has been a little less hectic. One key reason is that we’re built with compliance and privacy as the foundation of our product and company. Keeping our customers aligned with those regulations is a top priority. But let’s take a closer look at this regulation and how we’re helping our customers stay on top of their global security game.

One more time, what is the General Data Protection Regulation (GDPR) and why should I care?

The EU General Data Protection Regulation is based on the same privacy principles set by the Organisation for Economic Co-operation and Development (OECD) back in 1980. The GDPR protects the personal data of EU citizens and the fundamental human right to privacy, updated to better align with the technology-driven world we have today.

The importance of updating this piece of regulation is that it extends the boundaries of its jurisdiction. In short, compliance is mandated for all companies processing and controlling (including in the cloud) the personal data of subjects residing in the Union, regardless of the company’s location. Whereas the previous directive was vague about which territories’ data processing it applied to, the GDPR makes it very clear.

To oversimplify: if you’re a company that sells goods and services (online or in person) to a Union citizen, or even a hospital processing a patient visiting from overseas, you’re subject to GDPR.

Are there GDPR penalties or something?

With new regulations come new responsibilities, and yes, a tiered approach to violations. If you’re a start-up, you’ll want to pay attention: you may end up paying a big price for not meeting these standards.

The maximum fine for companies in violation of GDPR is up to 4% of annual global turnover or 20 million euro (whichever is greater). There are lesser fines depending on the infraction. For example, a 2% fine can be levied on companies that don’t have their records in order, don’t notify the proper authority and the data subject about a breach, or don’t carry out an impact assessment.

How does tCell help with GDPR Compliance?

So let’s break down how we’re helping our customers stay compliant with GDPR…

Article 25: Data Protection by Design and Default
tCell’s cloud analytics platform collects a variety of threat intelligence data through the application agents and strips PII from its data streams. tCell is designed to implement data-protection principles such as data minimisation, since PII is not needed for the act of securing the application.

Article 32: Security of Processing
tCell’s application security monitoring, detection, and blocking give security and DevOps teams the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. This is achieved through tCell’s instrumentation of the application in the browser, app and web server to protect against data breaches in real time.

Article 33: Notification of a Personal Data Breach to the Supervisory Authority
tCell’s security monitoring alerts security and DevOps teams about data breaches as they happen.

Article 34: Communication of a Personal Data Breach to the Data Subject
tCell integrates with a variety of incident response and security orchestration tools that can trigger workflows to notify the data subject of the breach within the 72-hour window.

Article 35: Data Protection Impact Assessment
tCell’s cloud platform gives investigation teams the security logs needed to trace suspicious activity over long periods of time and recreate the attack. tCell also gives insight into an attack’s origin and the impact of a data breach.

tCell Customers and GDPR

With our customers spanning every vertical, from global security software and financial services to hospitals and healthcare, we take compliance very seriously. We strive to make security, as a whole, much easier for security, operations and development teams. If you’d like to learn more about how tCell helps companies align with compliance regulations like GDPR, HIPAA, SOC2, and PCI DSS, let us know!

Additional resources:

https://www.impact-advisors.com/security/gdpr-compliance-us-healthcare-organizations-need/
https://www.eugdpr.org/
https://aws.amazon.com/compliance/gdpr-center/
https://www.experian.com/blogs/ask-experian/what-you-should-know-about-companies-and-data-breaches/
http://www.privacy-regulation.eu/en/article-25-data-protection-by-design-and-by-default-GDPR.htm