This article summarizes how GDPR applies to business applications and explains how to make them compliant with Visual Guard's ready-to-use security features.
Since GDPR became effective in May 2018, companies are required to implement mechanisms to protect user data throughout the European Union.
Are you sure you comply with all GDPR requirements?
Are there any aspects that you haven't covered yet?
This article recaps the obligations specific to business applications and how Visual Guard facilitates compliance that may otherwise be difficult to achieve, especially for existing applications.
The General Data Protection Regulation (GDPR) is a European regulation aimed at protecting the personal data of all EU citizens.
Sanctions for non-compliance can go up to 20 million € or 4% of your organization’s annual revenue.
Your application(s) should comply with GDPR if:
Note: Application owners are responsible for implementing data protection measures and demonstrating their GDPR compliance, even if the production of their applications is outsourced to another company (for instance a cloud provider, hosting them in production) - see Recital 74.
Any personal, professional, private or public information, related to an individual (name, address, photo, email, financial details, medical information, blog entry…).
By default, user consent is required, unless processing the user's personal data is necessary for legal reasons.
Application owners should comply with the following requirements:
This chapter explains how Visual Guard will help make your applications GDPR compliant.
Visual Guard adds security features inside your applications.
As a result, you can:
The alternative to Visual Guard is developing custom security code within each application. This is more expensive, because software developers must reinvent the wheel for each development language used in your organization. It is also less secure, since developers are not security experts and cannot anticipate all possible issues.
Visual Guard supports all types of applications (desktop, web, mobile, SaaS...) and all development languages (.Net, PowerBuilder, Angular, Java, PHP…) off-the-shelf. It complies with most security, architecture and network requirements.
Visual Guard controls which personnel are authorized to view or edit sensitive data.
Note: recording and auditing are transversal to all applications:
Visual Guard helps detect data breaches:
When using Visual Guard, the features enforcing data protection are designed and embedded inside your application, to guarantee comprehensive and robust protection.
Developers define permissions with the VG Console.
First, permissions are stored in a development repository.
Then, they are deployed in production with the VG Console.
Administrators manage Users and Groups, and grant them Permissions and Roles with a Web Console.
Users log into the application and VG authenticates them.
Their permissions are loaded from the VG repository,
and applied to enforce Access Control rules.
Sensitive operations are logged in the VG Repository.
Any technology capable of calling web services is supported.
Auditors use a web application to review user operations.
They can also control user roles and permissions across all applications.