Simplify Your GDPR Compliance
Learn about key compliance requirements and how Zscaler can help
What is the GDPR?
The General Data Protection Regulation (GDPR) imposed rules that have significantly changed the data privacy landscape in the European Union since 2018. All organizations that offer goods and services or collect and analyze data tied to EU residents, regardless of the organization’s location, are subject to these rules.
The goal of the GDPR is to strengthen and unify data protection by clearly defining the responsibilities of data controllers and data processors.
Breaking down the GDPR into a few core concepts can help you fully grasp your organization’s data footprint and compliance posture:
Data flows
Define what information across your organization is classified as personal data, and fully understand how that data is stored and processed across your suppliers, partners, and third-party vendors. This process will reveal your data footprint.
Data security and control
Once you know your data footprint, identify the security controls needed to protect this data and minimize risk. This process accounts for data stored internally, as well as an audit of controls used by suppliers, partners, and vendors.
Data retention and deletion
Understand how long you need to retain data under the GDPR. Many industries are subject to regulations that map out specific time frames, while others may need to define retention requirements based on internal factors.
Zscaler ensures confidentiality and availability by storing a limited amount of personal data (e.g., IP address, URLs, user IDs) and does not process or store any special categories or “sensitive” data. The cloud native Zscaler Zero Trust Exchange platform is architected to do all inspection in memory—transactional content is never stored or written to disk.
Zscaler built from scratch an infinitely scalable, cost-effective, and ultra-fast cloud security architecture that integrates three key components for control, enforcement, and logging: the Central Authority (CA), ZIA Public Service Edge, and Nanolog Servers.
Zscaler services and agreements are firmly aligned with GDPR policies, and we are committed to assisting you in your compliance efforts. We have put together a simple PDF chart to help you understand your compliance obligations as the data controller, and what you can expect from Zscaler as the data processor. See the chart here.
Memory-only transactions
Transactional data is only stored in memory and never written to disk. You can choose to have logs written to disk in a physical location that complies with regional regulations.
Nanolog technology
Zscaler Nanolog technology indexes, compresses, and tokenizes your transaction logs, and only a user with a full log history and access to the Zscaler Central Authority can assemble meaningful personal data.
Full TLS/SSL inspection
Native TLS/SSL inspection is built into the Zscaler platform. With unlimited capacity to scale inspection as traffic grows, you can deliver unmatched security controls and visibility to personal data across all of your encrypted communications.