Products > GDPR Compliance

Accelerate your GDPR readiness

Learn about the key requirements for compliance

What is GDPR

What is the GDPR?

The General Data Protection Regulation (GDPR) imposes new rules that significantly change the data privacy landscape in the European Union (EU).

The new regulation, which takes effect on May 25, 2018, affects all organizations that offer goods and services or collect and analyze data tied to EU residents, regardless of the organization’s  location.

The goal of the GDPR is to strengthen and unify data protection by clearly defining the responsibilities of data controllers and data processors.

Preparing for the GDPR

One challenge posed by the GDPR is understanding your responsibilities as a data controller. Another is understanding what data falls under the regulation, where it lives, and your specific obligations in relation to its protection. Because most critical business processes are digital, there can be an abundance of information and data flows that you must now understand and account for to remain compliant.

Breaking down the GDPR into a few core concepts can help you understand your organization’s data footprint and compliance posture:

Data flows

Data Flows

Define what information across your business is classified as personal data, and fully understand how that data is stored and processed across your suppliers, partners, and third-party vendors. This process will reveal your data footprint.

Data Security and Control

Data Security and Control

Once you know your data footprint, identify the security controls needed to protect this information and minimize risk. This process accounts for data stored internally, as well as an audit of controls used by suppliers, partners, and vendors.

Data Retention and Deletion

Data Retention and Deletion

Understand how long you need to retain data under the GDPR. Many industries are subject to regulations that map out specific time frames, while others may need to define retention requirements based on internal factors.

Zscaler as a partner in GDPR

Zscaler as a GDPR partner for your compliance efforts

As a security-as-a-service provider, data privacy and security are core to Zscaler’s business and something Zscaler takes very seriously. We are committed to helping you successfully comply with GDPR requirements through a strong partnership between Zscaler (data processor) and your organization (data controller).

Data protection

Zscaler ensures confidentiality and availability by storing a limited amount of personal data, like IP address, URLs, and user IDs, and does not process or store any special categories or “sensitive” data. The Zscaler cloud platform has been architected to do all inspection in memory; transactional content is never stored or written to disk.

Since Zscaler operates a multi-tenant cloud, it has certified to the ISO 27001 framework in order to maintain consistent and robust security controls. Zscaler encrypts all traffic communication within its could, and implements strict security controls such as antivirus, firewalls, vulnerability scanning, penetration testing, and security code peer reviews.

Zscaler teams have thoroughly analyzed the GDPR to ensure that our services and agreements align with the new regulations, and we are committed to assisting you in your compliance efforts as well. We have developed a tool for customers to better understand what exactly they need to do to comply with the GDPR as the data controller, and what they can expect from Zscaler as the data processor. View the Chart Here (PDF).

How the Zscaler Architecture enables your GDPR compliance efforts

Built from the ground up as a true multi-tenant cloud platform, the Zscaler architecture delivers the highest standards of data security. There are several design factors that make the Zscaler cloud unique.

Memory-only transactions

Memory-only transactions

Transactional data is only stored in memory and never written to disk. Customers can choose to have logs written to disk in a physical location that complies with regional regulations.

Nanolog technology

Nanolog technology

Zscaler Nanolog technology is designed to index, compress, and tokenize customer transaction logs, which, on their own, are meaningless. Only a customer with a full log history and access to the Zscaler Central Authority can assemble meaningful personal data within the Zscaler interface.

Full SSL inspection

Full SSL inspection

Native SSL Inspection is built into the Zscaler platform. With unlimited capacity to scale SSL inspection as traffic grows, you can deliver unmatched security controls and visibility to personal data across all of your organization’s encrypted  communications.

Suggested Resources

GDPR Whitepaper

Gain an understanding of what the GDPR is and how it impacts your company

GDPR Overview & FAQ

Read how Zscaler handles personal data for GDPR and other FAQs


Read why GDPR is an opportunity for greater data hygiene