Protect Your EU Customers’ Private Information for GDPR Compliance
Data privacy is crucial for EU citizens, as it protects their fundamental rights and freedoms. The General Data Protection Regulation (GDPR) ensures that EU citizens have control over their personal information and provides clear guidelines for businesses on how to manage and protect personally identifiable information (PII). By complying with GDPR, businesses demonstrate their commitment to protecting their EU customers’ confidential information and preserving their rights and freedoms. GDPR compliance can also strengthen a business’s reputation, attract new customers, and provide a competitive advantage.
The Kiteworks Private Content Network (PCN) helps organizations comply with GDPR. It features robust data encryption capabilities, including automated, end-to-end double encryption and granular access controls, supported by role-based permissions and multi-factor authentication. Organizations also use Kiteworks to set data retention policies that enable the automatic deletion or archiving of data after a certain period. All file activity, including file uploads, downloads, and shares, is monitored, tracked, and recorded in detailed audit logs. Kiteworks also allows organizations to obtain and manage user consents and data subject requests, so businesses handling PII obtain explicit and informed consent and efficiently respond to requests from individuals to access, delete, or modify their personal data.
GDPR Compliance: Data Privacy by Design With Encryption and Access
Unless organizations encrypt PII when it’s stored or shared, they jeopardize consumer privacy and risk a data breach or GDPR compliance violation. Kiteworks protects EU consumers’ PII with AES-256 encryption for content at rest and TLS 1.2 for content in transit. Advanced encryption features include a FIPS 140-2 Level 1 validated module and an email protection gateway (EPG) featuring automated, policy-based encryption that protects PII in transit end-to-end. Sole encryption key ownership lets you decide when to rotate keys, so no one, not even Kiteworks, can access your content. Granular access controls set and enforce role-based permissions to limit and restrict access to PII. Require project members or file recipients to verify their identities with multi-factor authentication. Apply your DLP to outbound traffic and your anti-malware and anti-phishing to inbound traffic. SafeVIEW and SafeEDIT DRM innovations enable full dynamic file viewing and editing to ensure that sensitive assets never leave the protected centralized server.
GDPR Compliance: Total Visibility of Every PII Exchange With Comprehensive Reporting
Businesses that have visibility into and control of every file that contains PII have strong content governance, adhere to data privacy standards like the NIST Cybersecurity Framework (CSF), and more effectively mitigate the risk of a data breach. Kiteworks provides unified visibility of every file containing PII coming into, moving through, and leaving your organization. Monitor and trace all content stored in connected on-premises and cloud ECM systems like OneDrive and Box. All file activity—who shares what with whom, when, and how—is supported by comprehensive reports that allow for file-level analysis. Detailed audit logs capture all file activity and integrate with your SIEM solution, enabling forensic analysis, eDiscovery, and evidence of GDPR compliance. Finally, one-click, audit-ready compliance reports provide detailed visibility into system configurations and security settings, streamlining GDPR audits.
GDPR Compliance: Protect Privacy With Every Email and File Transfer
By sharing PII securely, businesses ensure that EU residents’ rights, such as the right to privacy and data protection, are respected and upheld, in compliance with GDPR. Kiteworks lets you set granular, scalable administrative policies and strict access controls based on role-based permissions, like manager, collaborator, downloader, and view only. Kiteworks also supports file locking, restricting access to a file to one user at a time. Files are protected with AES-256 encryption at rest and TLS 1.2 in transit. In addition, multi-factor authentication prevents unauthorized access to emails and files containing PII. Choose to require MFA for all users, or only for certain users or under certain conditions, like users accessing the system from unknown networks. All MFA interactions, just like all file activity, are logged, exportable to a syslog server, and readable by SIEM products like Splunk, LogRhythm, and ArcSight.
GDPR Compliance: Comply With Right to Be Forgotten
By complying with the GDPR Right to be Forgotten requirement, businesses demonstrate respect for individuals’ rights to privacy and data protection and avoid public scrutiny, criticism, and potential litigation. Kiteworks helps organizations comply with GDPR’s Right to be Forgotten. Organizations can define data retention policies, specifying how long personal data will be stored and when it will be permanently deleted. Kiteworks provides a centralized platform where all PII is stored, which helps organizations identify all the data they hold about an individual. In the event an individual requests the right to be forgotten, Kiteworks enables organizations to deliver or delete all the relevant data in a single click. All data deletion activities are logged and auditable.