Ensure data protection and privacy with robust, GDPR-compliant security
Protect confidentiality and availability of sensitive and personal data
Maintain safeguards for control, enforcement, and logging
Confidently meet your obligations as a data controller
GDPR Definition
What is the GDPR?
The General Data Protection Regulation (GDPR) is the European Union's core data protection law. It governs how organizations anywhere in the world must collect and process the personal data of individuals in the EU, aiming to:
Protect the privacy and security of individuals' personal data
Enforce lawfulness, fairness, and transparency in data handling
Improve EU citizens' control over their personal data and its portability
Standardize data protection laws across EU member nations
In place since 2018, the GDPR has affected the data privacy landscape around the globe, inspiring similar laws in California (CCPA), China (PIPL), India (DPDP), and elsewhere.
Understanding the GDPR
Know your role in GDPR compliance
To comply with GDPR requirements, you need to understand your responsibilities as a data controller, where you store the data to which the GDPR applies, and your specific obligations. Most of today's critical business processes are digital, which creates a massive amount of data and data flows you must understand and account for to stay compliant.
To fully grasp your organization's data footprint and compliance posture, you can break down the GDPR into a few core concepts:
Data flows
Define what data across your organization is classified as personal data, and understand how it is stored and processed across your third-party suppliers, partners, and vendors. This will reveal your data footprint.
Data security and control
Once you know your data footprint, identify the security controls needed to protect this data and minimize risk. This accounts for data stored internally, as well as an audit of controls used by third parties.
Data retention and deletion
Understand how long you may retain personal data. The GDPR does not set fixed retention periods; its storage limitation principle requires that data be kept no longer than necessary for the purpose it was collected for, so you must define and document retention periods yourself. Many industries already have sector-specific rules, while others will need to derive periods from internal requirements and then enforce deletion when they expire.
Your Compliance Partner
Our commitment to GDPR compliance
As a data processor, we ensure that our services are fully GDPR compliant.
Data protection
To ensure confidentiality and availability, Zscaler stores a limited amount of personal data (e.g., IP address, URLs, user IDs) and does not process or store any special categories or “sensitive” data. Our cloud native security platform performs all inspection in memory only.
Security safeguards
For control, enforcement, and logging, our ultra-fast cloud architecture integrates three key components: the Central Authority, ZIA Public Service Edge, and Nanolog Servers. Learn more about these components in our help article.
Partnership in compliance
Our services and agreements firmly align with GDPR mandates, and we are committed to helping you stay compliant. To understand your GDPR compliance obligations as the data controller, and what to expect from Zscaler as the data processor, please see this simple chart.
Our Architecture
How our architecture supports GDPR compliance
Memory-only transactions
Transaction content is inspected and held in memory only, never written to disk. Transaction logs are a separate matter: you can choose to have them written to disk in a physical location that satisfies GDPR regional requirements.
Nanolog technology
Our unique Nanolog technology indexes, compresses, and tokenizes your transaction logs. Only a user with a full log history and access to our Central Authority can assemble meaningful personal data.
Full TLS/SSL inspection
Infinitely scalable TLS/SSL inspection is a core function of our cloud native platform. No matter how your traffic grows, gain unmatched control and visibility for personal data across all your encrypted traffic.
FAQs
Who must comply with the GDPR?
GDPR compliance is mandatory for any organization that processes the personal data of individuals within the European Union (EU), regardless of where the organization is based. Noncompliance can result in significant fines and penalties.
What are the penalties for noncompliance?
Organizations that do not meet GDPR compliance can face fines of up to €20 million or 4% of their global revenue from the past financial year, whichever is higher. These penalties are designed to ensure that organizations take data protection seriously. In addition to fines, noncompliance can lead to reputational damage, legal action, and a loss of customer trust.
Talk to an expert
Learn more about how we can partner to help you stay GDPR compliant and secure.