
Accelerate your GDPR readiness

Learn about the key requirements for compliance


What is GDPR?

The General Data Protection Regulation (GDPR) imposes new rules that significantly change the data privacy landscape in the European Union (EU).

The new law, which takes effect on May 25, 2018, affects all organizations that offer goods and services or collect and analyze data tied to EU residents, regardless of the organization’s location.

The goal of GDPR is to strengthen and unify data protection by clearly defining the responsibilities of data controllers and data processors.


Preparing for GDPR

One challenge posed by GDPR is understanding your responsibilities as a data controller. Another is understanding what data falls under the regulation, where it lives, and your specific obligations in relation to its protection. Because most critical business processes are digital, there can be an abundance of information and data flows that you must now understand and account for to remain compliant.

Breaking down GDPR into a few core concepts can help you understand your organization’s data footprint and compliance posture:

Data Flows

Define what information across your business is classified as personal data, and fully understand how that data is stored and processed across your suppliers, partners, and third-party vendors. This process will reveal your data footprint.

Data Security and Control

Once you know your data footprint, identify the security controls needed to protect this information and minimize risk. This process accounts for data stored internally, as well as an audit of controls used by suppliers, partners, and vendors.

Data Retention and Deletion

Understand how long you need to retain data under GDPR. Many industries are subject to regulations that map out specific time frames, while others may need to define retention requirements based on internal factors.

Zscaler as a GDPR partner for your compliance efforts

As a security-as-a-service provider, Zscaler treats data privacy and security as core to its business and takes them very seriously. We are committed to helping you comply with GDPR requirements through a strong partnership between Zscaler (data processor) and your organization (data controller).

Data protection

Zscaler ensures confidentiality and availability by storing only a limited amount of personal data, such as IP addresses, URLs, and user IDs, and does not process or store any special categories of “sensitive” data. The Zscaler cloud platform has been architected to do all inspection in memory; transactional content is never stored or written to disk.

Security safeguards

Because Zscaler operates a multi-tenant cloud, it has certified to the ISO 27001 framework in order to maintain consistent and robust security controls. Zscaler encrypts all traffic communication within its cloud and implements strict security controls such as antivirus, firewalls, vulnerability scanning, penetration testing, and security code peer reviews.

Partnership in compliance

Zscaler teams have thoroughly analyzed GDPR to ensure that our services and agreements align with the new regulations, and we are committed to assisting you in your compliance efforts as well. We have developed a tool for customers to better understand what exactly they need to do to comply with the GDPR as the data controller, and what they can expect from Zscaler as the data processor. View the chart here (PDF).

How the Zscaler architecture enables your GDPR compliance efforts

Built from the ground up as a true multi-tenant cloud platform, the Zscaler architecture delivers the highest standards of data security. There are several design factors that make the Zscaler cloud unique.

Memory-only transactions

Transactional data is only stored in memory and never written to disk. Customers can choose to have logs written to disk in a physical location that complies with regional regulations.

Nanolog technology

Zscaler Nanolog technology is designed to index, compress, and tokenize customer transaction logs, which, on their own, are meaningless. Only a customer with a full log history and access to the Zscaler Central Authority can assemble meaningful personal data within the Zscaler interface.

Full SSL inspection

Native SSL inspection is built into the Zscaler platform. With unlimited capacity to scale SSL inspection as traffic grows, you can deliver unmatched security controls and visibility to personal data across all of your organization’s encrypted communications.

Suggested Resources

GDPR Whitepaper

Get an understanding of what GDPR is and how it impacts your company

Read the White Paper

Technical Overview

Read how Zscaler handles customer data and delivers compliance for GDPR

Read the GDPR Statement

Blog

Read why GDPR is an opportunity for greater data hygiene

Read the Blog