Compliance & Standards
Application Protection to Help Achieve GDPR Compliance
With the EU’s General Data Protection Regulation (GDPR) in effect from May 25, 2018, software developers must now consider security by design during application development to comply with the GDPR. Arxan and its product portfolio are GDPR compliant. Arxan also helps customers develop secure applications that protect PII and data stored inside the app in compliance with the GDPR.
Arxan GDPR Compliance Guide
Arxan helps protect applications in untrusted environments. Significant amounts of personally identifiable information (PII) are used in mobile apps, not just at the server, and need to be protected. Protecting PII and data at rest is critical. But data center encryption of PII is not sufficient; whenever PII data is transmitted into or from the corporate perimeter, it should be encrypted at the receiving/sending app as well as having the transmission secured. Arxan can help secure PII from an app-centric approach specifically by:
- Protecting the app itself and, as a result, protecting the data stored inside the app
- Protecting the encryption keys that give access to PII residing in the app along with any data transmitted to the app
- Arxan protects applications running on servers, desktops, laptops and mobile devices.
- App shielding combined with white-box cryptography helps to protect PII by adding layers of security to make it difficult to compromise an application and reach the underlying PII. Binary app protection (app shielding) makes gaining access to app code and processes extremely difficult and helps protect stored PII data.
- White-box cryptography is a secondary means to effectively protect keys, PII, and other sensitive data inside the app in the event the first layer of protection is compromised. It helps to ensure PII security, and therefore helps keep businesses secure and compliant with GDPR guidelines.
Arxan Threat Analytics does not create GDPR issues since it was designed with GDPR in mind and does not contain or transmit PII. Customers utilizing Threat Analytics data are able to link it to PII if they so choose, provided they have controls & systems in place to secure the PII on the business side.
- Arxan does not collect any PII with Threat Analytics; all data is generic and not connectable to a single person by Arxan.
- Arxan Threat Analytics information only becomes personally identifiable if a customer links it, which is done inside their own secure, GDPR-compliant environment, and never by Arxan.