Data Loss Prevention Software for GDPR Compliance

An important part of the audit is covered by Endpoint Protector Data Loss Prevention and Device Control. In the initial phases of the process of becoming compliant with GDPR, you can use Endpoint Protector DLP and Device Control (USB and other removable devices) with policies set on report-only, so data that is being transferred outside the company is being tracked and reported. Get valuable insights about which users are transferring sensitive data, like Personally Identifiable Information, Credit Card Numbers, Social Security Numbers, and other confidential information.

Additionally, the exit points can be flagged for monitoring, to detect exactly where the confidential data goes – on cloud apps, by e-mail, on portable storage devices, on webmail, etc. The most active users when it comes to data transfers and devices connections can be discovered and based on this information together with data gathered from other tools can paint a picture on the actual situation before moving forward with operational changes for compliance.

Once the audit is finalized, you have to strengthen security and address the vulnerabilities. Endpoint Protector monitoring policies can be converted into restrictive policies, blocking unwanted file transfers, unauthorized data copied/pasted, screen captures, etc. and all of this depending on the various transfer channels and the users, computers, groups that are part of the organizational structure. Since individuals’ private data is so crucial to protect according to the updated regulation, it can be secured against leakages and theft with the content filtering and USB control capabilities available in Endpoint Protector DLP.

Endpoint Protector DLP can also help in the cross-border data transfers. Organizations are prohibited from transferring personal data to recipients outside the EEA, unless the region of destination provides an adequate level of data protection (deemed by the European Commission), or unless there are other circumstances set also by the European Commission. Endpoint Protector can detect and block data transfers to solutions with data centers located in countries outside the EU (e.g. Dropbox) or, in case those countries fit in the adequacy level of data protection, data transfers can be allowed. It all comes down to the control you get for sensitive data movement.

The GDPR states that data privacy should be ensured, with no specifics about the platform, if it is Windows, macOS or Linux, iOS, Android, Windows Phone, etc. or the exit channels – email, cloud file sharing, removable devices, etc. It is not important, after all. The essential part is that data must be secured no matter what. Therefore, for any data security tool you choose to implement, make sure it covers your entire infrastructure, all endpoints, mobile devices, or exit points.