Skip to content
BLOG NEWS CONTACT US

StratoKey CCM

Cloud Compliance Management (CCM) delivers complete automated compliance management and reporting for enterprise.

StratoKey CASB

StratoKey Cloud Access Security Broker (CASB) for protecting sensitive data in cloud and SaaS applications.

StratoKey CCM Platform

Platform Overview

End-to-end Compliance for any application.

Compliance Support

HIPAA

Ready to go Health Insurance Portability and Accountability Act pack.

ITAR & CMMC

ITAR and CMMC pack to power your compliance management.

NIST 800-53

NIST 800-53 pack for low, moderate and high baselines.

Compliance Packs

NIST SP 800-53, NIST SP 800-171, GLBA, FERPA, BaFin, PIPEDA, PDPA, Privacy Act.

Compliance Support

NetSuite, Salesforce, ServiceNow

Compliance integrations for NetSuite, Salesforce and ServiceNow.

StratoKey CASB + CCM

Data protection + compliance management.

Compliance as a Service (CaaS)

API for Compliance as a Service.

StratoKey CASB

StratoKey the CASB

Learn how StratoKey operates as a Cloud Access Security Broker for sensitive data in cloud and SaaS applications.

Cloud Data Protection

Delivering a complete, application agnostic, Cloud Data Protection platform through our EMAD™ technology stack.

How StratoKey works

See how StratoKey works to secure data in cloud and SaaS applications.

Featured Integrations

Box

Encryption, Monitoring, Analytics and Defensive capabilities for Box.

Confluence

Secure content in Confluence (including Cloud) with StratoKey.

Jira

Jira (including Cloud) encryption capabilities to support regulatory compliance.

NetSuite

Encryption, tokenization and anonymization services for NetSuite.

SAP Business ByDesign

Securing SAP Business ByDesign and S/4HANA with StratoKey.

Salesforce

Encryption and tokenization for Salesforce, without breaking your integrations.

ServiceNow

SNOW encryption, tokenization and anonymization. Official Partner.

Slack

Full control over data security through end-to-end encryption for Slack.

Application Agnostic

Highly configurable, field-level encryption and tokenization for any application.
Solutions

Cloud Data Pseudonymization

Anonymization of cloud data, without duplicates, whilst maintaining format.

Cloud Encryption

Standards compliant encryption for any cloud or SaaS application.

Cloud Access Security Brokers

A detailed feature summary of key StratoKey CASB characteristics.

Encryption as a Service (EaaS)

EaaS API with Encryption, Tokenization and Anonymization.
Compliance

HIPAA compliance

Meeting HIPAA compliance requirements for cloud and SaaS.

Data Sovereignty

Solving data sovereignty issues with cloud and SaaS applications.

GDPR compliance

How to ensure your cloud or SaaS application use is GDPR compliant.

Data breach laws

Understanding obligations imposed by data breach laws.

CASB Guide

How the right CASB can assist organizations in securing cloud data, applications and users.

StratoKey White Paper

A technical overview of how StratoKey operates to secure cloud and SaaS applications.

HIPAA Compliance Guide

How to meet stringent HIPAA PHI (Protected Health Information) requirements in the cloud.

GDPR Encryption Guide

What your organization can do to meet GDPR requirements when using cloud and SaaS apps.

Partner Program

Become a StratoKey platform or technical Partner.

Request Live Demonstration

Line up a StratoKey demonstration for your project team.

Contact us for more information

Contact us to discuss your requirements and learn more about StratoKey.

GDPR and Encryption

Jan 24, 2017
StratoKey

With GDPR now formally passed into law, StratoKey has released a comprehensive GDPR compliance guide. This guide focuses on how organisations can utlise StratoKey to meet GDPR requirements when using cloud and SaaS applications.

The General Data Protection Regulation (GDPR  2016/679 ) was approved by the European Parliament on 14 April 2016. With this approval, data protection regulations have been synchronised across all European Union (EU) member states. GDPR is the formal replacement for the EU Data Protection Directive (Directive 95/46/EC ). The effective date that GDPR will come into force is the 25th of May, 2018.


With the passing of GDPR into law, the pressure is now on organisations to get their GDPR compliance in order. With this comes a raft of compliance obligations for organisations handling EU resident�s personal data. GDPR has scope that includes firms based outside the EU.

GDPR Encryption

The purpose of GDPR

GDPR is designed to strengthen and unify protections for individuals' personal information across EU member states. GDPR specifically states "The protection of natural persons in relation to the processing of personal data is a fundamental right". With these stronger individual rights comes an increased obligation for organisations handling personal data to appropriately secure this data, or face penalties.

GDPR penalties

Pecuniary penalties are mandated by GDPR. This regulation establishes the imposition of penalties for the mishandling of personal data. Maximum fines of 20 million Euros or up to 4% of annual worldwide turnover (whichever is greater) can be applied for breaches of GDPR. In addition to financial penalties, organisations can be further sanctioned with bans from processing or suspension of data transfers through to criminal penalties.

GDPR covers personal information that relates to a natural person. Recital 26 S. 1 GDPR states "The principles of data protection should apply to any information concerning an identified or identifiable natural person". Furthermore Recital 34 S 1 specifically states that sensitive personal data is data that exerts "risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal data processing which could lead to physical, material or non-material damage" .

Privacy by Design

One interesting piece of GDPR is the requirement for organisations to consider the Privacy by Design paradigm for systems architecture. This architecture takes a privacy first (privacy by default) approach to handing of personal data. Privacy by Design sets out 7 fundamental principles:

  1.    Proactive not reactive; Preventative not remedial
  2.    Privacy as the default setting
  3.    Privacy embedded into design
  4.    Full functionality � positive-sum, not zero-sum
  5.    End-to-end security � full lifecycle protection
  6.    Visibility and transparency � keep it open
  7.    Respect for user privacy � keep it user-centric

GDPR mentions encryption as an appropriate mechanism for protecting personal data. Under GDPR, appropriate encryption has the specific benefit of removing the requirement to notify data subjects (individuals) in the event of a data breach .

For more information on GDPR and how StratoKey can assist your organisation in readying for GDPR, download our GDPR Encryption Guide, found at https://www.stratokey.com/resources/gdpr-encryption