Data Protection Regulations

Recognizing the value of sensitive data and the harm that could be caused if certain data were to fall into the hands of the wrong parties, many governments have established regulations that address both data protection and data privacy. These laws can apply to specific geographies or span across industries and are typically focused on protecting personally identifiable information (PII) and other sensitive data.

One of the most influential of such laws in recent years is the European Union’s (EU) General Data Protection Regulations (GDPR). Any company doing business in the EU or European Economic Area (EEA), or marketing products or services to people in the EU or EEA, must comply with the broad data privacy and protection standards of GDPR or face serious financial repercussions in the form of fines and injunctions. Companies that capture and control personal data must have appropriate technical and organizational processes in place to meet GDPR standards, and they must maintain transparency as to how they use sensitive data, among other things.

Other country or region-specific data privacy laws, such as Brazil’s LGPD or the California Consumer Protection Act (CCPA), require similar protections within their territories. Some data protection regulations are industry specific, such as the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act. The GLBA addresses the handling and protection of private information within the banking and financial services industries. Governments around the world are sending a clear message in this age of digital transformation: You must protect sensitive data or face consequences.

EncryptRIGHT® by Prime Factors is a multi-purpose, multi-platform data protection solution that is designed to help enterprises comply with GDPR and other data protection regulations.  Encryption and tokenization secure and pseudonymize sensitive information at rest and in motion.  Role-based data access controls along with dynamic data masking ensure purpose-specific minimization of private data across enterprise applications, users and regions.  EncryptRIGHT® comprehensively orchestrates encryption key management to assure the keys that lock and unlock data are always secure, and Audit Logs are easily configurable to track and alert, providing traceability, transparency, and compliance tracking.  With a scalable architecture that allows for expansion servers to be localized in certain network regions, a global data protection deployment can be regionalized as regulations require.