General Data Protection Regulation

What you need to know

  • GDPR is a comprehensive data privacy law designed to give EU citizens greater control over their personal data, as well as to standardize data protection laws across the EU member states.

  • GDPR requires organizations to obtain explicit consent from individuals before collecting or processing their personal data, and to provide individuals with certain rights with respect to their data, such as the right to access, correct, and delete their personal information.

  • GDPR increases accountability for data breaches and imposes strict penalties for non-compliance, which can include fines of up to EUR 20 million (USD $22 million) or 4% of a company's global annual revenue, whichever is higher. Learn more about GDPR penalties

  • GDPR requires organizations to properly protect personal data by implementing technical and organizational measures, including “pseudonymization and encryption” (Article 32)?

  • GDPR applies not only to organizations based in the EU, but also to organizations that process personal information of individuals located there(Article 3)?

  • GDPR mandates that organizations must notify the supervisory authority and affected individuals of a data breach within 72 hours? However, if personal data is encrypted or tokenized, and the encryption key is not compromised, then the data is considered unreadable and the breach notification requirement may not apply(Article 34).

  • GDPR prohibits the transfer of personal data outside the EU unless there are appropriate measures in place to protect encryption keys and ensure the security of personal data(Article 45)?

  • GDPR grants several rights to data subjects, such as the right to access, rectify, and erase their personal data (Articles 15 to 17)?

Key Benefits of comforte’s GDPR Compliance Services

The comforte Data Security Platform provides data discovery, classification and protection capabilities to help you:


GDPR compliance to avoid costly penalties


what data your organization collects, processes, stores, and shares


variety of protection methods to pseudonymize or encrypt personal data


consistent, granular access controls to ensure that only authorized users have access to personal data

FAQs on GDPR Compliance Services

Next steps


GDPR is vitally important to be compliant with. If you would like to learn more about our GDPR compliance services, please feel free to get in touch with our experts who would be happy to discuss solutions.


Contact us