GDPR module

Cryptomage Cyber Eye™ Network Detection and Response class probe is equipped with a dedicated GDPR module to provide organizations with support in data protection.

The General Data Protection Regulation (GDPR)  is a legal act of the European Union and is binding in all member states. The regulation sets up the rules for the processing, using, and storing of personal data of individuals and businesses.

Article 32 of the Regulation imposes several obligations on processors of personal data, including the implementation of appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, among other things, a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. Since the introduction of data protection regulations, many personal data leaks have been identified and published in the media.

Cryptomage Cyber Eye™ supports compliance with the GDPR guidelines in the following ways:

  • Providing a dedicated panel for the Data Protection Officer enables support in meeting statutory obligations.
  • Continuous monitoring of selected types of data (Personal Identity Number, taxpayer identification number, ID card number, IBAN, etc.) detected in network traffic.
  • Detection of personal data transmitted outside the EU.
  • Geolocation of the recipient or sender of all detected personal data.
  • Inventory of detected data.
  • Securing evidence in the form of network traffic dumps.
  • A consistent analytical interface with security events not directly related to personal data protection.
  • The European Parliament’s Data Protection Regulation provides penalties of up to €50 million or 4% of revenue. Among the justifications for the penalty decisions in institutions is the failure to implement adequate processes and oversight tools that, according to the Polish Personal Data Protection Office, could have prevented the incidents.

The risk of data breaches has increased since the COVID-19 pandemic, when remote work was intensified, enabling attacks using more techniques. In this situation, combining the ability to identify cyber risks and data protection monitoring becomes essential.