Ensure data protection and privacy with robust, GDPR-compliant security
Protect confidentiality and availability of sensitive and personal data
Maintain safeguards for control, enforcement, and logging
Confidently meet your obligations as a data controller
What is the GDPR?
The General Data Protection Regulation (GDPR) is a key data privacy standard in the European Union. It defines how organizations worldwide must collect and process the personal data of EU citizens and residents, aiming to:
Protect the privacy and security of individuals' personal data
Enforce lawfulness, fairness, and transparency in data handling
Improve EU citizens' control over their personal data and its portability
Standardize data protection laws across EU member nations
In place since 2018, the GDPR has affected the data privacy landscape around the globe, inspiring similar laws in California (CCPA), China (PIPL), India (DPDP), and elsewhere.
Know your role in GDPR compliance
To comply with GDPR requirements, you need to understand your responsibilities as a data controller, where you store the data to which the GDPR applies, and your specific obligations. Most of today's critical business processes are digital, which creates a massive amount of data and data flows you must understand and account for to stay compliant.
To fully grasp your organization's data footprint and compliance posture, you can break down the GDPR into a few core concepts:
Data flows
Define what data across your organization is classified as personal data, and understand how it is stored and processed across your third-party suppliers, partners, and vendors. This will reveal your data footprint.
Data security and control
Once you know your data footprint, identify the security controls needed to protect this data and minimize risk. This accounts for data stored internally, as well as an audit of controls used by third parties.
Data retention and deletion
Understand how long you need to retain data under the GDPR. Many industries already have their own specific regulations, while others may need to define requirements based on internal factors.
Our commitment to GDPR compliance
As a data processor, we ensure that our services are fully GDPR compliant.
Data protection
To ensure confidentiality and availability, Zscaler stores a limited amount of personal data (e.g., IP address, URLs, user IDs) and does not process or store any special categories or “sensitive” data. Our cloud native security platform performs all inspection in memory only.
Security safeguards
For control, enforcement, and logging, our ultra-fast cloud architecture integrates three key components: the Central Authority, ZIA Public Service Edge, and Nanolog Servers. Learn more about these components in our help article.
Partnership in compliance
Our services and agreements firmly align with GDPR mandates, and we are committed to helping you stay compliant. To understand your GDPR compliance obligations as the data controller, and what to expect from Zscaler as the data processor, please see this simple chart.
How our architecture supports GDPR compliance
Memory-only transactions
Transactional data is only stored in memory, never written to disk. You can choose to have logs written to disk in a physical location that complies with GDPR regional regulations.
Nanolog technology
Our unique Nanolog technology indexes, compresses, and tokenizes your transaction logs. Only a user with a full log history and access to our Central Authority can assemble meaningful personal data.
Full TLS/SSL inspection
Infinitely scalable TLS/SSL inspection is a core function of our cloud native platform. No matter how your traffic grows, gain unmatched control and visibility for personal data across all your encrypted traffic.
Experience the power of the Zscaler Zero Trust Exchange
A comprehensive platform to secure, simplify, and transform your business
01 Risk Management
Reduce risk, and detect and contain breaches, with actionable insights from a unified platform
02 Cyberthreat Protection
Protect users, devices, and workloads against compromise and lateral threat movement
03 Data Protection
Leverage full TLS/SSL inspection at scale for complete data protection across the SSE platform
04 Zero Trust for Branch and Cloud
Connect users, devices, and workloads between and within the branch, cloud, and data center
Talk to an expert
Learn more about how we can partner to help you stay GDPR compliant and secure.