Accelerate General Data Protection

Regulation (GDPR) Compliance

with Dataguise DgSecure
YES, YOU SHOULD COMPLY WITH THE GDPR.

The General Data Protection Regulation (GDPR) may have been created in the European Union (EU), but
it applies to any organization, anywhere in the world, that controls or processes the personal data of EU
residents. Taking effect on May 25, 2018, the GDPR is designed to increase individuals’ rights over their
personal data and to increase accountability for data processors and controllers. You must have
effective policies and processes in place to protect data privacy, as well as adherence to those policies
and processes, and documented proof of both. Will your organization be ready?

WHY WORK WITH DATAGUISE ON GDPR COMPLIANCE?

The GDPR outlines specific requirements that must be met but not necessarily how to meet them.
Certainly, there is no magic bullet, no single technology solution, that will make your organization
“GDPR-compliant.” But there is one solution provider that can help you get there faster, with a stronger
footing, than any other.

Dataguise is the leader in sensitive data governance and the only vendor to provide end-to-end sensitive
data discovery and protection, all from a single platform. For more than a decade, we’ve been focused
on safeguarding sensitive data in highly regulated industries, from financial services and retail to
government and healthcare. Today, Dataguise DgSecure can detect, protect, and monitor both struc-
tured and unstructured data across your extended enterprise, on premises and in the cloud. Delivered
with pre-built, customizable policies specific to “personal data” as defined in the GDPR, DgSecure puts
you well on your way to GDPR compliance.

DgSECURE

DASHBOARD POLICIES & RULES DETECT & PROTECT MONITOR 3

COVERAGE EXPOSURE PROTECTION ALERTS

ASSETS IN SCOPE ALL ON PREMISE CLOUD

10
ON PREMISE
5
CLOUD
6 5M 20% 16% 0.2% 40%
ALL ASSETS 6 SOURCES 5 MILLION FILES/TABLES DETECTED DATA PROTECTED ALERTED IN LAST 24HRS UNSCANNED
1M FILES / 3400 TABLES 800K FILES / 1650 TABLES 10K FILES 2M FILES / 50K TABLES

OVERALL COVERAGE SHOW ALL CHARTS

COVERAGE ACROSS SOURCES COVERAGE TREND CONTENT USERS

278K
30K 300K 30K 8K

20K 200K 20K 6K

10K 100K 10K 4K

0 0 0 2K
RS-LAKE STG-LAKE TDS DB2 DW1 APS-HIVE SOC-S3 STM-SS3 JAN MAR MAY JUL SEP NOV S3-W AWS SQL5 AWS4 RDS5 RS-LAKE STG-L.. TDS DB2
CLOUD ON PREMISE
0
RS-LAKE STG-LAKE TDS DB2 DW1 APS-HIVE SOC-S3 STM-SS3
EXPOSED MASKED/ENCRYPTED EXPOSED MASKED/ENCRYPTED UNSTRUCTURED STRUCTURED
MONITORED CLEAN UNSCANNED MONITORED CLEAN UNSCANNED SQL NoSQL CSV HIPAA PHI PII

EXPOSURE AND PROTECTION SHOW ALL CHARTS

PROTECTED EXPOSED UNSCANNED MONITORED

8K 8K 8K 8K

6K 6K 6K 6K

4K 4K 4K 4K

2K 2K 2K 2K

0 0 0 0
RS-LAKE STG-LAKE TDS DB2 DW1 APS-HIVE SOC-S3 STM-SS3 RS-LAKE STG-LAKE TDS DB2 DW1 APS-HIVE SOC-S3 STM-SS3 RS-LAKE STG-LAKE TDS DB2 DW1 APS-HIVE SOC-S3 STM-SS3 RS-LAKE STG-LAKE TDS DB2 DW1 APS-HIVE SOC-S3 STM-SS3

MASKED ENCRYPTED MONITORED HIPAA PHI PII UNSTRUCTURED STRUCTURED SQL NoSQL HIPAA PHI PII

Delivering a single dashboard view of personal data exposure, protection, policies, and trends,
DgSecure gives IT and business leaders the insights they need to manage risk and compliance
while maximizing the value of information assets.
WHICH ASPECTS OF THE GDPR CAN DATAGUISE ADDRESS?

The GDPR is a massive piece of legislation. Complete and continual compliance requires a combination
of people, process, and technology. As always, we recommend consulting your legal or compliance
teams to determine your needs; but from a technology perspective, Dataguise DgSecure can help you
address the following requirements of the GDPR:

• Knowing and documenting the personal data your organization holds: This is the foundation of all
GDPR compliance and involves identifying and reporting the exact location of all personal data in your
data repositories, in all its varied and vague formats. That’s no small feat for any company, but it is
especially challenging for large, global organizations with petabytes of data moving across cloud and
on-premises environments.

• Informing individuals of the personal data you hold about them (Articles 13, 14, 15): The “right of
access” mandate in the GDPR gives individuals the right to know what data you hold about them, how
and why it is being used and accessed, and by whom. You must be able to retrieve and present this
information without delay.

• Protecting personal data, e.g., via pseudonymization (masking), encryption, and erasure
(Articles 17, 24, 25, 32): The existence of appropriate safeguards, such as pseudonymization or
encryption, may help you retain personal data for business processing by you or a third party, and will
also reduce your compliance burden in the event of a data breach. At the same time, you must be
prepared to erase personal data when individuals exercise their “right to be forgotten.”

• Detecting, reporting, and investigating a personal data breach (Articles 33, 34): You’ll need to notify
your supervisory data authority and/or affected data subjects as early as 72 hours after becoming
aware of a high-risk data breach. As soon as possible you should be able to pinpoint exactly which
data was exposed, how and when the unauthorized access occurred, and the measures you’ve taken
to mitigate adverse effects. Monitoring personal data more precisely will help speed time to resolution.

• Maintaining records of data privacy protection and compliance (Articles 25, 30): In addition to
documenting data protection policies and processing activities, you may need to keep track of which
people or systems are accessing personal data, whether inside or outside your organization. Data
transfers to third parties or countries may also require additional documentation of technical
security measures.

Data protection in the GDPR is about mitigating risk, not just for data subjects but for data processors
and controllers as well. Fines could cost you up to 4% of your annual revenues or €20 million EUR,
whichever is higher. A data breach could cost you even more. Contact Dataguise today to put your
organization in the strongest position to comply with the GDPR in time for the May 2018 deadline.

About Dataguise
Dataguise is a leader in sensitive data governance, providing data-centric audit and protection (DCAP)
solutions that discover sensitive data across the enterprise and secure it according to governance, risk, and
compliance policies. In the cloud and on premises, Dataguise detects, protects, and monitors both structured
and unstructured data to help enterprises maximize the value of information assets while meeting PCI,
HIPAA, GDPR, and other data privacy mandates. For more information visit www.dataguise.com.

DATAGUISE, INC. | 2201 WALNUT AVE. STE 260 | FREMONT, CA 94538 | 877.632.0522 | WWW.DATAGUISE.COM