
Simplify Your GDPR Compliance

Learn about key compliance requirements and how Zscaler can help


What is the GDPR?

The General Data Protection Regulation (GDPR) imposed rules that have significantly changed the data privacy landscape in the European Union since 2018. All organizations that offer goods and services or collect and analyze data tied to EU residents, regardless of the organization’s location, are subject to these rules.


The goal of the GDPR is to strengthen and unify data protection by clearly defining the responsibilities of data controllers and data processors.

Understanding the GDPR


Complying with the GDPR requires you to understand your responsibilities as a data controller, as well as what data falls under the regulation, where it lives, and your specific obligations in relation to protecting it. Today, most critical business processes are digital, comprising an abundance of data and data flows you must understand and account for to stay compliant.
Breaking down the GDPR into a few core concepts can help you fully grasp your organization’s data footprint and compliance posture:

Data flows

Define what information across your organization is classified as personal data, and fully understand how that data is stored and processed across your suppliers, partners, and third-party vendors. This process will reveal your data footprint.


Data security and control

Once you know your data footprint, identify the security controls needed to protect this data and minimize risk. This process accounts for data stored internally, as well as an audit of controls used by suppliers, partners, and vendors.


Data retention and deletion

Understand how long you need to retain data under the GDPR. Many industries are subject to regulations that map out specific time frames, while others may need to define retention requirements based on internal factors.


Your Compliance Partner

Zscaler as a GDPR partner for your compliance efforts

As a data processor, Zscaler is committed to partnering with you, the data controller, to help keep your organization GDPR-compliant.

Data protection

Zscaler ensures confidentiality and availability by storing a limited amount of personal data (e.g., IP address, URLs, user IDs) and does not process or store any special categories or “sensitive” data. The cloud native Zscaler Zero Trust Exchange platform is architected to do all inspection in memory—transactional content is never stored or written to disk.


Security safeguards

Zscaler built from scratch an infinitely scalable, cost-effective, and ultra-fast cloud security architecture that integrates three key components for control, enforcement, and logging: the Central Authority (CA), ZIA Public Service Edge, and Nanolog Servers.


Partnership in compliance

Zscaler services and agreements are firmly aligned with GDPR policies, and we are committed to assisting you in your compliance efforts. We have put together a simple PDF chart to help you understand your compliance obligations as the data controller, and what you can expect from Zscaler as the data processor. See the chart here.


The Zscaler Difference

How does the Zscaler architecture support GDPR compliance?

Memory-only transactions

Transactional data is only stored in memory and never written to disk. You can choose to have logs written to disk in a physical location that complies with regional regulations.


Nanolog technology

Zscaler Nanolog technology indexes, compresses, and tokenizes your transaction logs, and only a user with a full log history and access to the Zscaler Central Authority can assemble meaningful personal data.


Full TLS/SSL inspection

Native TLS/SSL inspection is built into the Zscaler platform. With unlimited capacity to scale inspection as traffic grows, you can deliver unmatched security controls and visibility to personal data across all of your encrypted communications.