The General Data Protection Regulation (GDPR) is a data privacy law designed to strengthen and unify personal data security for all individuals within the European Union (EU). Beyond providing overall guidelines regarding personal information acquisition, processing and destruction, the regulation also provides details on data breach defenses, notification and penalties. Applying Pulse’s Secure Access solutions helps organizations demonstrate due diligence and complementary controls to prevent personal data breaches and mitigate GDPR risks.
At a time when enterprises are increasingly utilizing data center and cloud resources, employee and partner access to hybrid IT resources that contain GDPR-relevant personal data represents new data leakage risks that organizations must mitigate to address GDPR compliance. Key challenges include:
• Ensuring only authorized, authenticated users have access to personal data
• Invoking protected connectivity between users, devices and apps accessing personal data
• Consistently enforcing active endpoint security mechanisms
• Segregating and protecting personal data on smart mobile devices
• Audit capabilities that demonstrate active access controls supporting personal data protection
How Pulse Secure Solutions Support GDPR
The Pulse Secure solutions provide an easy, comprehensive and integrated approach to extending your organization’s Secure Access capabilities. The approach allows for consistent policy-based access visibility, secure connectivity, data protection and audit across users and their mobile devices, and data center and cloud applications and resources that process and store personal data.
Data Privacy Security Mechanisms
Article 32 GDPR* advises that the controller and the processor of personal data as defined by GDPR shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. This suggests that organizations must put in place protections that deliver policy-based and auditable security controls for every user and system that has access to personal data covered by GDPR. To ensure a level of security appropriate to the risk, Pulse Secure fortifies GDPR compliance measures with:
• Strong user authentication to ensure only persons acting under the authority of the data controller have access to personal data
• Protected connectivity between users, devices, applications and data stores containing personal data
• Assurance of active endpoint security mechanisms for those users and their devices accessing and storing personal data
• Secure smart mobile devices with encrypted workspaces that segregate apps and downloaded personal data, including means for remote data wiping should the mobile device be compromised, lost or stolen
• Ability to apply consistent policies across mobile workforce devices and IT resources processing and storing personal data, whether data resides on mobile devices, on premises, or in cloud-based systems
• An active, retained and consistently utilized audit trail that demonstrates appropriate technical controls, monitoring and response with regard to access and data protection
Data Breach Notification and Penalties
Article 34 GDPR* advises that if an enterprise suffers a personal data breach, then the organization must communicate this breach “in clear and plain language” to every data subject affected. Such breaches may also result in an organization being fined by a supervisory authority up to 2% of revenue for minor infringement or 4% for a major infringement or €20M, whichever is greater. Employing layered Secure Access defenses from Pulse provides the potential for organizations to avoid or alleviate GDPR breach notification and penalties. Beyond personal data encryption or obfuscation, Pulse Secure provides data protection safeguards to:
• Secure the communication session between a device and a data center or cloud-based application
• Enable configuration and security compliance on endpoint devices accessing GDPR-relevant data
• Negate the risk of lost or stolen mobile devices that have stored downloaded and unencrypted personal data
• Enforce employee, contractor and IoT device access to data center GDPR data processing systems
If secure access controls are not in place to prevent future likely personal data breaches, then the supervisory authority may still compel the controller to disclose a breach incident even when data encryption and obfuscation were active.
Cover Your GDPR Control Gaps
The Pulse Secure solutions provide an easy, comprehensive and integrated approach to extending your organization’s Secure Access capabilities to fortify GDPR compliance.
Pulse Connect Secure
Pulse Connect Secure offers the most reliable, feature-rich SSL VPN that provides seamless, protected connectivity across corporate and personal mobile devices to corporate data center and cloud resources and applications.
Pulse Workspace
Pulse Workspace is an extensive mobile application and device management solution that segregates personal and corporate applications and data while preserving native user experience and low administrative overhead. Organizations can deploy corporate and sanctioned apps, secure connectivity, and ensure corporate data in transit and at rest is protected on Android and Apple mobile devices.
Pulse Cloud Secure
Pulse Cloud Secure is designed to provide a mobile workforce anytime, protected access to hybrid IT environments by enabling single sign-on (SSO) from mobile devices to cloud resources and SaaS applications with strong authentication and device compliance.
Pulse Policy Secure
Pulse Policy Secure is a next-generation Network Access Control solution that provides visibility, policy-based control, and enforcement of users, endpoints and IoT devices accessing or operating on a corporate network. The solution provides access intelligence, compliance, audit and threat response of devices accessing network resources that process and store personal data.