Overview
The General Data Protection Regulation (GDPR) is considered one of the most stringent privacy and security laws in the world. The regulation came into effect on May 25, 2018. It was drafted by the European Union (EU).
In today’s data-centric world that is marred by constant data breaches and personalization of the web, individuals have been left wondering how their data is used and misused. GDPR can be best thought of as a legal framework to enforce effective, and practical data protection for personal data.

Featured Resource
How Fortanix can help you meet GDPR compliance
Secure encryption keys inside FIPS Level 3 HSM appliance
Data can be encrypted anywhere, with the keys secured inside a FIPS Level 3 appliance which is always under control of the data processor, with RBAC controls, crypto policies, etc.

Fine-grained access controls for users and data
Only the authorized processor gets access to the required data and only for the duration for which a business case exists as required by GDPR.

Data Protection at-rest
Fortanix offers various products to help secure your data at-rest by enabling solutions such as Transparent Data Encryption for various databases, Cloud Key Management for server-side encryption for cloud native databases, in-flight transparent encryption to enable client-side encryption for clouds and SaaS along with hardened FIPS 140-2 Level 3 compliant key management.

Reduce scope of sensitive data and adopt privacy by design.
Certain kinds of personal data should be tokenized or anonymized for better privacy. Fortanix offers these features built in. Fortanix also offers data masking which allows organizations to mask sensitive data before they are processed, greatly reducing GDPR compliance surface.



Research Vice President,
Gartner
Gartner Press Release, September 2020.
