Protecting Cross-border Data Transfers for GDPR


Corporate legal counsels, technology providers, IT professionals – and anyone else paying attention to the General Data Protection Regulation (GDPR) – would undoubtedly agree that the requirements within the 99 Articles of the regulation present a laundry list of necessary changes many organizations will need to make to avoid non-compliance. The one we want to highlight in this blog calls for an adequate level of protection to be implemented for cross-border data transfers. Article 45, ‘Transfers on the basis of an adequacy decision’ specifically states:

“A transfer of personal data to a third country or an international organization may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of protection.”

This complicates things in the world of international commerce. Here in the United States, the Department of Commerce has nixed the U.S.-EU Safe Harbor Framework (following a decision by the Court of Justice of the European Union) and replaced it with a new framework, the EU-U.S. Privacy Shield. This new framework better aligns to the very detailed and specific requirements of GDPR, and it will allow companies within the United States and the European Union to successfully execute transatlantic data transfers.

Any country, governmental body or organization that turns a blind eye to this requirement will subsequently have their respective data transfers blocked by this legislation. Most importantly, not having an ‘adequate level of protection’ basically means the chances of being subjected to a personal data breach increase considerably, which, as we all now know, introduces severe financial and reputational consequences.

With the CyberArk Privileged Account Solution Version 10, we’ve made significant enhancements that enable customers to better meet the requirements for storing session recordings for cross-border data transfers. Our customers now have the ability to securely store privileged session recordings on regional-based storage, as opposed to storing them in a Digital Vault, which might be globally dispersed or, more likely, outside the European Union. This is especially important for monitored database sessions, where client data has the potential to be revealed as a consequence of a command executed by an administrator.

This change applies to both processor and controller requirements and benefits customers that have a need to lock down their session recordings and ensure they do not leave a specific region (see Figure 1). This new capability goes beyond the requirements of GDPR and equally applies to local secrecy acts such as the Singapore Banking Secrecy Act, which prohibits (without permission) the export of client data outside of the region.

 

Figure 1. CyberArk now provides the ability to store privileged session recordings on dedicated, regional-based external storage.

It’s important for organizations to only provide authorized users with access to these recordings, ensuring that any playback processes are consistent with the data isolation requirements. Additionally, it’s critical to protect the integrity of these privileged session recordings for digital forensics in case they are ever needed for a legal proceeding. To support the security, integrity and validity of these session recordings, the following capabilities have been enforced with CyberArk Privileged Account Solution Version 10:

  • Secure Communication – The communication between the Privileged Session Manager, the storage devices and the CyberArk user interface for recording replay is performed via a secure protocol.
  • Managed Authorization – Only authorized users in the Vault will be able to access the session recordings through CyberArk systems.
  • Searchable Audit Records and Streamlined Video Replay – The actual location of the video is transparent to the authorized user (e.g. auditors and reviewers) and provides the exact same user experience for both vault-stored recordings and externally stored recordings.
  • Maintenance Users Protection – The CyberArk Privileged Account Security Solution will be used for authorizing and monitoring maintenance users’ access to the secure storage.

These enhancements show CyberArk’s dedication to helping organizations avoid non-compliance with GDPR. The CyberArk Privileged Account Security Solution can be critical for your organization to advance securely in an increasingly dynamic, competitive business environment. Be sure to visit our website for more information on how CyberArk solutions can help support your GDPR strategy today.

The post Protecting Cross-border Data Transfers for GDPR appeared first on CyberArk.

About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.