Strategies for regulatory compliance and data security.
General Data Protection Regulation (GDPR)
The new EU General Data Protection Regulation (GDPR) is data privacy control, compliance and enforcement legislation involving individuals’ information. It is applicable across the European Union (EU) member states and all global enterprises holding data of EU citizens. The definition of personal data has been expanded, and GDPR sets the foundation for how multinational organizations protect, and derive value from, sensitive customer information. Enterprises have until May 2018 to reach compliance or face significant financial penalties for non-compliance.
Although the General Data Protection Regulation (GDPR) is not prescriptive, it suggests the use of encryption and pseudonymization as approaches to protect sensitive data. That leaves many questions: Does GDPR apply to my enterprise? What are the penalties for non-compliance? Under what conditions are data breach notification requirements removed? How can encryption and key management simplify the extensive rules around data transfers outside the EU? Learn how HPE Format-Preserving Encryption (FPE) preserves business functionality while it fulfills both encryption and pseudonymization functions, which makes it a particularly useful technology for compliance with GDPR. Find out how Stateless Key Management, by generating keys on demand, minimizes the complexities introduced by encryption.
Payment Card Industry (PCI) Compliance
Achieving and maintaining compliance with PCI DSS guidelines is expensive, challenging and time-consuming. Moreover, compliance does not equal security and, by itself, is not enough to prevent data breaches. Emerging technologies and business initiatives are raising risk levels and bringing more systems and applications into PCI scope. HPE SecureData provides breakthrough technologies for a comprehensive data-centric approach that has been proven to reduce PCI compliance audit scope by up to 80%, and radically cut compliance costs.
In addition, HPE SecureData Mobile simplifies compliance and reduces costs for PCI scope reduction. With HPE SecureData Mobile, sensitive customer information is encrypted when a customer makes a purchase through a mobile application. The merchant environment has no access to encryption keys; decryption happens at the host end, where the data is processed further as needed for payment settlement.
Find out from a PCI DSS QSA why it’s no longer acceptable to strive for compliance over real-time security. Learn how the PCI DSS 3.0 standard brings a whole new meaning to ‘business as usual’ and can positively affect your business by introducing more flexibility and an increased focus on education, awareness and security as a shared responsibility.
Personally Identifiable Information (PII) Compliance
A new breed of cyber-attacks–advanced malware, exploitation networks and motivated insiders–is stealing personally identifiable information (PII) and other sensitive customer and corporate data from vulnerable ecosystems. But companies can neutralize data breaches by rendering the data valueless, de-identifying data through encryption, tokenization and data masking with the HPE SecureData portfolio. The challenge is to do this while retaining the business value in the information for consumption and use.
HPE SecureData Mobile protects sensitive PII data in mobile applications by encrypting the data as it travels through the entire data lifecycle. Data is decrypted only when it reaches secured trusted host systems. Since live data exposure is reduced, compliance with privacy regulation is also streamlined.
With the advanced threats that are pervasive today, it’s becoming increasingly dangerous for organizations to deploy new technologies and processes, and then reactively address the implications for data security in the ecosystem. Attend this webinar to learn more about how to implement a new data de-identification framework across production, test/dev and analytics use cases.
GDPR Webinar: make compliance good for your business
GDPR is the biggest shake-up in European data protection legislation for 30 years. The GDPR will have global impact and potentially significant consequences to any business that deals with European citizens’ data. Organizations have less than two years to ensure that their data protection processes are compliant. Most organizations will struggle to meet the May 25, 2018 deadline.
Data is the currency of success. Discover how you can turn the General Data Protection Regulation into an opportunity for your business. Join Duncan Brown, Research Director, European Security Practice, at IDC and Tim Grieveson, Chief Cyber Security Strategist, Enterprise Security Products at HPE to discover how to make compliance good for your business.
Simplifying GDPR Compliance
Mitigate risk and derive business value as you take on the EU General Data Protection Regulation. GDPR outlines how organizations need to protect and value sensitive customer information and the consequences they will face if they fail to comply. This guide offers insights into this new regulation and how you can make compliance good for your business.
GDPR Compliance and Its Impact on Security and Data Protection Programs
The GDPR privacy regulation affects organizations anywhere in the world that collect or process personal data on EU residents. Encryption is one of the few specific technologies called out in the text of the GDPR, and its presence there essentially mandates its use by organizations.
Example architectures for data security and the GDPR
While the GDPR mandates a number of measures to protect EU citizen data, achieving compliance in large measure comes down to good data security. The GDPR recommends pseudonymization and encryption as two mechanisms that can be used to protect personally identifiable information (PII). This paper introduces typical business use cases for applying pseudonymization and encryption, provides an overview of the HPE SecureData core technologies and platform, and then describes architectures and strategies adopted by two of HPE’s customers to secure PII data.