GDPR module

The Cryptomage Cyber Eye™ Network Detection and Response class probe with a dedicated GDPR module to provide organizations with support in data protection.

The Personal Data Protection Regulation is a legal act of the European Union and is binding on all member states. The regulation concerns the rules for the processing, using, and storing personal data of individuals and businesses.

Article 32 of the Regulation imposes several obligations on processors of personal data, including the implementation of appropriate technical and organizational measures to ensure a degree of security appropriate to the risk, including, among other things, regularly testing, measuring, and evaluating the effectiveness of technical and organizational measures, designed to ensure the security of data processing. Since the introduction of data protection regulations, many reports of personal data leaks have been identified and published in the media.

Cryptomage Cyber Eye™ supports compliance with the GDPR guidelines by:

  • Providing a dedicated panel for the Data Protection Officer enables support in meeting statutory obligations.
  • Continuous monitoring of selected types of data (Personal Identity Number, taxpayer identification number, ID card number, IBAN, etc.) detected in network traffic.
  • Detection of personal data transmitted outside the EU
  • Geolocation of the recipient or sender of all detected personal data.
  • Inventory of detected data.
  • Securing evidence in the form of network traffic dumps.
  • A consistent analytical interface with security events not directly related to personal data protection.
  • The European Parliament’s Data Protection Regulation provides penalties of up to €50 million or 4% of revenue. Among the justifications for the penalty decisions in institutions is the failure to implement adequate processes and oversight tools that, according to the Office for Personal Data Protection (OCCP), could have prevented the incidents.

The risk of data breaches has increased since the COVID-19 pandemic, when remote work was intensified, enabling attacks using more techniques. In this situation, combining the ability to identify cyber risks and data protection monitoring becomes essential.