Simplify Your GDPR Compliance
Learn about key compliance requirements and how Zscaler can help
What is the GDPR?
The General Data Protection Regulation (GDPR) imposed rules that have significantly changed the data privacy landscape in the European Union since 2018. All organizations that offer goods and services or collect and analyze data tied to EU residents, regardless of the organization’s location, are subject to these rules.
The goal of the GDPR is to strengthen and unify data protection by clearly defining the responsibilities of data controllers and data processors.
Understanding the GDPR
Complying with the GDPR requires you to understand your responsibilities as a data controller, as well as what data falls under the regulation, where it lives, and your specific obligations in relation to protecting it. Today, most critical business processes are digital, comprising an abundance of data and data flows you must understand and account for to stay compliant.
Breaking down the GDPR into a few core concepts can help you fully grasp your organization’s data footprint and compliance posture:
Data flows
Define what information across your organization is classified as personal data, and fully understand how that data is stored and processed across your suppliers, partners, and third-party vendors. This process will reveal your data footprint.
Data security and control
Once you know your data footprint, identify the security controls needed to protect this data and minimize risk. This process accounts for data stored internally, as well as an audit of controls used by suppliers, partners, and vendors.
Data retention and deletion
Understand how long you need to retain data under the GDPR. Many industries are subject to regulations that map out specific time frames, while others may need to define retention requirements based on internal factors.
Zscaler as a GDPR partner for your compliance efforts
As a data processor, Zscaler is committed to partnering with you, the data controller, to help keep your organization GDPR-compliant.
Data protection
Zscaler ensures confidentiality and availability by storing only a limited amount of personal data (e.g., IP addresses, URLs, user IDs) and by not processing or storing any special categories or “sensitive” data. The cloud-native Zscaler Zero Trust Exchange platform is architected to do all inspection in memory; transactional content is never stored or written to disk.
Security safeguards
Zscaler built its cloud security architecture from scratch to be infinitely scalable, cost-effective, and ultra-fast. It integrates three key components for control, enforcement, and logging: the Central Authority (CA), the ZIA Public Service Edge, and the Nanolog Servers.
Partnership in compliance
Zscaler services and agreements are firmly aligned with GDPR policies, and we are committed to assisting you in your compliance efforts. We have put together a simple PDF chart to help you understand your compliance obligations as the data controller, and what you can expect from Zscaler as the data processor.
How does the Zscaler architecture support GDPR compliance?
Memory-only transactions
Transactional data is stored only in memory and is never written to disk. You can choose to have logs written to disk in a physical location that complies with regional regulations.
Nanolog technology
Zscaler Nanolog technology indexes, compresses, and tokenizes your transaction logs, and only a user with a full log history and access to the Zscaler Central Authority can assemble meaningful personal data.
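The tokenization idea in the paragraph above, shown as an added illustration of the general technique rather than of Zscaler's own Nanolog implementation, which this page does not describe in detail: personal fields in each transaction log line (here the user ID and client IP) are replaced by random tokens, the token-to-value mapping is kept in a separate vault, and only a party holding both the tokenized log history and the vault can reassemble meaningful personal data. The log line format, the sample log lines and the TokenVault class are constructed assumptions for this example, not Zscaler code or real log data.

```python
import re
import secrets

# Constructed sample transaction logs (not real Zscaler output).
# Fields: timestamp, user ID, client IP, URL.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z alice@example.com 203.0.113.7 https://example.org/reports",
    "2024-05-01T10:00:05Z bob@example.com 203.0.113.9 https://example.org/login",
    "2024-05-01T10:01:00Z alice@example.com 203.0.113.7 https://example.org/export",
]

# Patterns used to check that no direct identifier leaked into the tokenized output.
EMAIL_RE = re.compile(r"[^\s@]+@[^\s@]+")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


class TokenVault:
    """Holds the token <-> value mapping (hypothetical stand-in for a separately
    secured authority). Log consumers never get a reference to this object."""

    def __init__(self):
        self._value_to_token = {}
        self._token_to_value = {}

    def tokenize(self, value):
        # Same value -> same token, so sessions stay correlatable without revealing who.
        token = self._value_to_token.get(value)
        if token is None:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from the value
            self._value_to_token[value] = token
            self._token_to_value[token] = value
        return token

    def detokenize(self, token):
        return self._token_to_value[token]


def tokenize_line(line, vault):
    """Replace the user ID and client IP with vault tokens; keep timestamp and URL."""
    ts, user, ip, url = line.split(" ", 3)
    return " ".join([ts, vault.tokenize(user), vault.tokenize(ip), url])


def tokenize_logs(lines, vault):
    return [tokenize_line(line, vault) for line in lines]


def contains_direct_identifiers(lines):
    """True if any line still carries an e-mail address or IPv4 address in clear."""
    return any(EMAIL_RE.search(l) or IPV4_RE.search(l) for l in lines)


def reassemble(tokenized_lines, vault):
    """Only a holder of the vault can turn tokenized history back into personal data."""
    out = []
    for line in tokenized_lines:
        ts, user_tok, ip_tok, url = line.split(" ", 3)
        out.append(" ".join([ts, vault.detokenize(user_tok), vault.detokenize(ip_tok), url]))
    return out


if __name__ == "__main__":
    vault = TokenVault()
    tokenized = tokenize_logs(SAMPLE_LOGS, vault)
    for line in tokenized:
        print(line)
    print("identifiers leaked:", contains_direct_identifiers(tokenized))
    print("round-trip ok:", reassemble(tokenized, vault) == SAMPLE_LOGS)
```

The design point to take from this: what a log consumer receives is still useful for security analytics (repeated activity by the same token is visible), while re-identification requires the vault, so the vault's access controls and storage location become the control you audit under the data security and control step above.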
Full TLS/SSL inspection
Native TLS/SSL inspection is built into the Zscaler platform. With unlimited capacity to scale inspection as traffic grows, you can deliver unmatched security controls and visibility to personal data across all of your encrypted communications.