On May 25, the General Data Protection Regulation (GDPR) will officially go into effect. Like with any major legal reform, questions arise about timing, application, ramifications and more. With the GDPR mandate’s focus on privacy and related data, questions have increased tenfold.
SonicWall is working hard to ensure compliance with GDPR requirements. SonicWall takes information security seriously and has implemented policies and procedures for safeguarding personal data that is stored, processed and/or transferred by SonicWall.
These policies and procedures include, without limitation, physical and logical access restrictions, data classification, access rights, credentialing programs, record retention, data privacy, information security and the treatment of personal data and sensitive personal data throughout its lifecycle.
To help clarify how SonicWall products and services are impacted by GDPR policies, please review the following.
The GDPR is legislation enacted by the European Union (EU) to protect all EU citizens from privacy and data breaches. The GDPR applies to companies and organizations located in the EU, as well as to companies outside the EU that collect, use, transmit or store personal data of EU citizens, regardless of where the activities take place. At a high level, GDPR:
Yes, but only to a very limited extent. SonicWall products help customers enable security in their networks (and to thus better comply with the GDPR), but SonicWall generally does not have access to, nor does it collect or use, the personal data of individuals.
The GDPR, therefore, does not apply to SonicWall products in most cases. Our customers’ use of our products by itself does not subject SonicWall to GDPR.
However, if SonicWall hosts a solution that is sold to a customer and the hosted solution allows a customer to access or use personal data in that hosted environment, then SonicWall may be subject to certain aspects of the GDPR. In those cases, SonicWall must ensure that adequate security is in place to protect that hosted environment.
In summary:
Presently, SonicWall directly maintains a majority of the systems used for our hosted solutions versus outsourcing this activity to a third party.
In the limited circumstances that SonicWall leverages third-party services, SonicWall works to ensure that it and its third-party provider have the appropriate safeguards in place to protect personal data as required by GDPR. SonicWall uses a number of technological and operational approaches in its physical security program to mitigate security risks to the extent reasonably practicable.
Our team is working to determine that appropriate measures are in place to prevent unauthorized persons from gaining access to systems within which data is processed and continually monitor any changes to the physical infrastructure, business and known threats.
We are also considering best practice measures used by others in the industry while balancing its approach toward security by considering elements of control that include architecture, operations and systems.
SonicWall customers are given the opportunity to choose the location of their primary data center where their information will be hosted. However, limited data may be transferred to other SonicWall locations for the purpose of providing services to our customers.
SonicWall acts as a provider of network security and content-based security solutions, and security of data is a key aspect in achieving data privacy principles.
We assist companies to secure their data in a smarter way. In the wake of burgeoning legislation and increased hacker intelligence, it is vital for organizations to encrypt their traffic and files, whether these are stored online or offline.
Using high-performance Deep Packet Inspection, SonicWall can spot malware and other nefarious traffic and behavior from among encrypted files, further safeguarding an organization.
SonicWall provides industry-leading machine learning technology to detect and block zero-day malware. We address advanced cyber threats, “malware cocktails” and related ransomware no matter if they are encrypted or clear, in email, on the web or in file exchange, regardless of the device in use. Our expertise in automated breach prevention means we don’t just spot malware, we prevent attacks from becoming successful.
To learn more about how GDPR applies to SonicWall products and services, please review the official SonicWall Privacy Statement.
Share This Article
An Article By
An Article By
SonicWall Staff
SonicWall Staff