This paper summarizes how GDPR impacts business applications and explains how Visual Guard simplifies GDPR compliance.
You may have heard of GDPR, but you don’t know whether or not your applications are impacted. Do they have to be modified? If so, how?
Did you know that GDPR may apply to non-European organizations?
Or that user consent is not always required?
You will find below some answers to these questions.
The General Data Protection Regulation (GDPR) is a European regulation, enforceable from 25 May 2018, that aims to protect the personal data of all EU citizens.
Sanctions for non-compliance can go up to 20 million € or 4% of your organization’s annual revenue.
Your application(s) should comply with GDPR if:
Note: Application owners are responsible for implementing data protection measures and demonstrating their GDPR compliance, even if the production of their applications is outsourced to another company (for instance a cloud provider, hosting them in production) - see Recital 74.
Any personal, professional, private or public information related to an individual (name, address, photo, email, financial details, medical information, blog entry…).
By default, user consent is required, unless processing the user's personal data is necessary for legal reasons.
Application owners should comply with the following requirements:
This chapter explains how Visual Guard will help make your applications GDPR compliant.
Visual Guard adds security features inside your applications.
As a result, you can:
The alternative to Visual Guard is the development of custom security code within each application. This approach is more expensive, because software developers must reinvent the wheel for each development language used in your organization, and less secure, since developers are not security experts and cannot anticipate all possible issues.
Visual Guard supports all types of applications (desktop, web, mobile, SaaS...) and all development languages (Java, .Net, PHP…) off the shelf. It complies with most security, architecture and network requirements.
Visual Guard controls which personnel are authorized to view or edit sensitive data.
Note: recording and auditing apply across all applications:
Visual Guard helps detect data breaches:
When using Visual Guard, the features enforcing data protection are designed and embedded inside your application, to guarantee comprehensive and robust protection.
Developers define permissions with the VG Console.
First, permissions are stored in a development repository.
Then, they are deployed in production with the VG Console.
Administrators manage Users and Groups, and grant them Permissions and Roles with a Web Console.
Users log into the application and VG authenticates them.
Their permissions are loaded from the VG repository and applied to enforce Access Control rules.
Sensitive operations are logged in the VG Repository.
Any technology capable of calling web services is supported.
Auditors use a web application to review user operations.
They can also control user roles and permissions across all applications.