Halt data breaches on all clouds
Eliminate privileged user misuse
Remove costly infrastructure air gaps
Avoid data sovereignty landmines
When
Goes into full force on May 25, 2018. Different member states may add some variations or additional requirements.
Impact
Enforcement is backed by substantial fines, some based on 2%-4% of corporate revenue in EU.
Allows EU citizens to challenge companies and shift burden onto the service providing company for proof/response to privacy and security.
Affects a range of technology systems including data storage and collection, data encryption, and frameworks for privacy processes (through policy and privacy specialists).
Still unclear with Britain leaving the EU, but most likely following GDPR will still be more stringent than any local guidelines.
Summary Description
Challenges
Transparency
Consent/Data Quality
Note: there are numerous other areas of challenges, but these are the most technically challenging for cloud-enabled organizations.
Automatic
Insiders
Self-Regulating
Platform Agnostic
Instant Proof
Workload needs portable policy to protect and enforce compliance itself [Data Sov.]
Implement a platform agnostic solution which will work across any provider or workload type (virtual machine, SDDC, containers, etc.) [All use cases]
Ensure proof of compliance is fast, easy, and multicloud ready [All use cases]
Bottom line: Regardless of who is hosting your data, YOU are responsible for it. Be proactive and do not rely on the provider or a specific technology to protect your data.
NDA Material, Confidential and Proprietary
HyTrust Capability
Transparency
Codify the privacy policy through data and admin policy engine and enforce through workload policy. Monitor and execute immediate policy change propagation across all workloads/clouds.
Data Protection. Policy actions and workload response can all be monitored and provide instant response to an audit.
Consent/Data Quality
Security enforcement of Privacy
HyTrust / Customer Options
Requirement Summary
Article 32 Security of processing
Article 24 Responsibility of the controller
When
EU member states have 21 months to comply and then 6 months to identify critical infrastructure operators (May 2018)
Impact
Lays out specific technical guidance on critical infrastructure entities including energy, banking, healthcare, transport sector organizations that are vital to the EU member state government
Increased transparency and information sharing requiring faster analysis and reporting by affected organizations
Critical infrastructure identified operators will have a higher cyber security standard and be specifically responsible for prevention of risks and incident response
Directive Summary
(46) Risk-management measures
Thank You