Simplify and Strengthen GDPR Compliance

Define what data across your organization is classified as personal data, and understand how it is stored and processed across your third-party suppliers, partners, and vendors. This will reveal your data footprint.

Once you know your data footprint, identify the security controls needed to protect this data and minimize risk. This accounts for data stored internally, as well as an audit of controls used by third parties.

Understand how long you need to retain data under the GDPR. Many industries already have their own specific regulations, while others may need to define requirements based on internal factors.

To ensure confidentiality and availability, Zscaler stores a limited amount of personal data (e.g., IP address, URLs, user IDs) and does not process or store any special categories or “sensitive” data. Our cloud native security platform performs all inspection in memory only.

For control, enforcement, and logging, our ultra-fast cloud architecture integrates three key components: the Central Authority, ZIA Public Service Edge, and Nanolog Servers. Learn more about these components in our help article.

Our services and agreements firmly align with GDPR mandates, and we are committed to helping you stay compliant. To understand your GDPR compliance obligations as the data controller, and what to expect from Zscaler as the data processor, please see this simple chart.

Transactional data is only stored in memory, never written to disk. You can choose to have logs written to disk in a physical location that complies with GDPR regional regulations.

Our unique Nanolog technology indexes, compresses, and tokenizes your transaction logs. Only a user with a full log history and access to our Central Authority can assemble meaningful personal data.

Infinitely scalable TLS/SSL inspection is a core function of our cloud native platform. No matter how your traffic grows, gain unmatched control and visibility for personal data across all your encrypted traffic.