Glass Class - Here Comes GDPR
Hi, and welcome to Bitglass' Glass Class. Today we're going to be talking about some of the requirements of the General Data Protection Regulation, or GDPR, over in the European Union, as well as some of the tools that can help you meet compliance.
And we'll start by talking about consent. Now, under GDPR, companies can only use data for the purposes that data subjects originally agreed to. Something that can help you make sure you're doing that is access controls. The reason access controls are helpful is because you can determine who actually gets to see certain types of data. For example, finance functions are the only ones that can see certain types of financial documents.
Moving on, we have privacy by design. Privacy by design requires that companies build out their technological processes in a way that takes a good hard look at data security and data privacy, and tries to ensure those things. Something that can help with that is DLP, or data leakage prevention. With DLP policies like redaction or DRM (digital rights management), you can make sure that your data doesn't leak, and that it isn't seen by prying eyes.
Finally, we have data residency. Data residency requirements say that companies can only put their data in safe geographic locations - usually countries that are involved in the EU. But there is one tool that can help you with data residency very simply, and that's encryption. The reason encryption is helpful is because, even if you store your data in another country that may not be super safe, if you keep your encryption key at home, you're said to have met compliance, because what lets you see your data is, again, safely at home.
So these are just a few requirements under GDPR and a few tools that can help you meet compliance. But to get a more full picture, be sure to download the document attached to this video.
Thanks for watching today's Glass Class.