
A Seclore Whitepaper

Complying with the General Data Protection Regulation (GDPR) of the EU
Leveraging Persistent Data-Centric Security to Achieve Compliance Objectives

The General Data Protection Regulation (GDPR) is an EU regulation designed to unify and normalize the data protection framework within the EU. It will replace the current data protection directive (Directive 95/46/EC) and will be applicable to all EU member states.

The Role of Data-centric Security in the GDPR

The scope of GDPR includes all personal data processed by organizations based inside the EU – as well as personal data of EU citizens by organizations based outside the EU. Thus, the scope of GDPR is absolutely data-centric in nature. No matter where in the world the information resides - even outside the EU - it should remain fully private, secure, and monitored at all times.

Traditional perimeter-centric security tools fail to secure data in this data-centric manner. However, Enterprise Digital Rights Management (ERM) technology is capable of persistent, granular, centralized, data-centric controls that secure information wherever it goes. Simply put, ERM security controls always stay with the data.

Complying with GDPR using Seclore ERM


The table below illustrates how Seclore can help organizations comply with various clauses of GDPR.

GDPR Clauses / Compliance with Seclore ERM

Article 25: Data Protection by Design and by Default
“…The controller shall implement appropriate technical… measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed…the extent of their processing, the period of their storage and their accessibility…”

Compliance with Seclore ERM: The extent of data processing (i.e. data in use) is an aspect of data security that few technologies can fully control. With ERM however, it can be easily controlled with granular usage permissions such as viewing, editing, printing, copying, screen captures, as well as time-based controls.

ERM can also integrate with various enterprise applications such as EFSS, ERP, ECM, and core banking systems. Documents downloaded from these applications can be protected by default just before being downloaded. This ‘Policy Federation’ gives applications the capability to extend their security and governance to public networks or third-party networks – or even another country. Thus, data protection can be designed into the IT infrastructure by default – ensuring that data is always private.

Article 30: Records of processing activities
“1. Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility…”

Compliance with Seclore ERM: ERM also provides data-centric auditing capabilities. Thus, the scope of auditing – just like protection – is wherever the data travels. Even unauthorized activities attempted by authorized users are logged to support compliance reporting. Captured usage details include: The nature of the activity (viewing, editing, printing, and so on), the user who performed the activity, the time and location (IP address) of the activity, and much more. Logs are generated in real time and can be accessed from a central web-based console.

Article 46: Transfers subject to appropriate safeguards
“…a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards...”

Compliance with Seclore ERM: Outsourcing is such an integral part of business models today that most enterprises simply choose to live with its third-party security risks – or just turn a blind eye.

With ERM technology, data controllers can have complete control over their information – regardless of where it goes or is ultimately stored. Copies of the data within and outside the EU both are governed with the same policies. Thus, Seclore ERM will help organizations maintain free and secure movement of data to other countries.

Article 16: Right to rectification
“The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.”

Article 25: Right to rectification; Right to erasure (‘right to be forgotten’)

Compliance with Seclore ERM: When a new version of a document is updated and circulated, the older version needs to be deprecated. When these documents lie with third parties, their actual deletion may be difficult to achieve using traditional technologies.

Using ERM however, the data owner can revoke access to all copies of previously distributed documents or even modify their usage policies remotely. Thus, effectively, unstructured data can be ‘erased’ from anywhere in the world.

Article 32: Security of processing
“The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymisation and encryption of personal data;…”

Compliance with Seclore ERM: In Seclore ERM, communication between Seclore agents and the Seclore server (as well as that between an integrated application and the Seclore server) is extremely secure and robust.

Organizations can align Seclore’s key exchange mechanism with their overall cryptography strategy and policies. With Seclore’s Bring Your Own Key (BYOK) feature, organizations can take control of data encryption themselves by generating their own key pairs.

Complying with GDPR - Where ERM Comes Into Play


Repeated non-compliance with the GDPR can invite fines reaching up to 20,000,000 EUR or 4% of the total worldwide annual turnover of the
preceding financial year, whichever is higher.

ERM technology has helped numerous EU organizations reduce security risks and align data privacy strategies to modern regulatory
requirements. With GDPR coming into effect on 25th May 2018, organizations should begin exploring how ERM will enable them to
collaborate securely while addressing the GDPR.

About Seclore
Seclore offers the market’s first fully browser-based data-centric security solution, which enables organizations to control the usage of
files wherever they go, both within and outside of the organization’s boundaries. The ability to remotely enforce and audit who can view,
edit, copy, screen share, and redistribute files empowers organizations to embrace mobility, file-sharing, and external collaboration with
confidence. With over 2000 companies in 29 countries using Seclore to protect 10 petabytes of data, Seclore is helping organizations
achieve their data security, governance, and compliance objectives.

Learn how easy it now is to keep your most sensitive data safe, and compliant.
Contact us at: info@seclore.com or CALL 1-844-4-SECLORE.

USA – West Coast: 691 S. Milpitas Blvd. #217, Milpitas CA 95035. 1-844-473-2567
USA – East Coast: 420 Lexington Avenue, Suite 300, Graybar Building, New York City NY 10170
India: Excom House Second Floor, Plot No. 7 & 8, Off. Saki Vihar Road, Sakinaka, Mumbai 400 072. +91 22 6130 4200, +91 22 6143 4800. Gurugram: +91 124 475 0600
Singapore: Seclore Asia Pte. Ltd., AXA Tower, 8 Shenton Way, Level 34-01, Singapore – 068811. +65 8292 1930, +65 9180 2700
Europe: Seclore GmbH, Marie-Curie-Straße 8, D-79539 Lörrach, Germany. +49 151 1918 5673
UAE: Seclore Technologies FZ-LLC, Executive Office 14, DIC Building 1 FirstSteps@DIC, Dubai Internet City, PO Box 73030, Dubai, UAE. +9714-440-1348, +97150-909-5650, +97155-792-3262
Saudi Arabia: 5th Floor, Altamyoz Tower, Olaya Street, P.O. Box. 8374, Riyadh 11482. +966-11-212-1346, +966-504-339-765

© 2018 Seclore, Inc. All Rights Reserved.
