Cisco Blogs
Share

Five Questions to Ask About Your Data Privacy in the EU


November 1, 2018 - 0 Comments

Cisco Announces New EU Data Warehouse for Cisco Umbrella Data Storage

Data privacy and how it impacts your company is likely top of your mind no matter where you are located. For EU companies, however, protecting customer data is now rule of law, and even your security solutions will need to comply with those rules.

Many security vendors store customer data in long-term activity logs for important reporting functions. This data often provides key information to help customers secure their networks and users. Why does this matter?

With European Union (EU) data sovereignty laws, including the new General Data Protection Regulation (or GDPR) regulations, storing EU-citizen data in a US-based data center can complicate things for EU companies and for US companies doing business in the EU.

Cisco is addressing these concerns and we’re pleased to announce a new EU data warehouse for Cisco Umbrella data storage. You can now select to store your Umbrella log data in the EU or in the US.

Now, let’s explore five common questions about data storage, particularly data storage in the EU.

  1. Why do security vendors even need to store customers’ data?

Vendors primarily store data on the customer’s behalf so that their reporting functions can pull from this data and provide important historical information.  This makes it possible for you to spot trends and anomalies. This becomes especially important when you are dealing with cybersecurity.  Trends and anomalies in security data can indicate security breaches.

  1. Why is it important to be able to store your data in the EU?  

Because of various regulations for EU data sovereignty and data locality, customers in the EU are very interested in where their data is stored.  GDPR has raised awareness further.  Knowing that their data can be stored in the EU can simplify the process for the company’s privacy officer.  Data stored properly in the US data warehouse can still meet EU compliance requirements but may require the company’s privacy officer to apply more scrutiny, making the process more difficult.

  1. What is GDPR and who does it affect?

The EU GDPR went into effect on May 25, 2018, and applies to all organizations that process EU personal data. Aimed at protecting the fundamental right to privacy, the new regulations are broad, strict, and require adherence from organizations all over the world.

  1. Can a product make an organization GDPR compliant?

No single product will make an organization GDPR compliant. GDPR is the legislative embodiment of privacy best practices and calls for transparency, fairness, and accountability when processing personal data. GDPR pushes the concepts of Privacy by Design and by Default: privacy and data protection have to be built-in and integrated in all data processing activities performed by the entity (the data controller) or by external organizations on its behalf (the data processor). This is about respecting individual rights, secure processes, and risk management. Well-applied technology solutions can help underpin success. For example, Cisco Umbrella can help customers raise their security levels by blocking suspicious domains that might be compromised.

  1. Does personal data need to remain in the EU?

No. People often assume that the EU GDPR requires data localization and that personal data must remain in the EU. GDPR provides that EU personal data should be processed in the EU, unless you have approved mechanisms that allow for the international transfer of data. For example, Cisco has certified compliance with the EU-US and Swiss-US Privacy Shield, which commits Cisco to a set of privacy principles and practices aligned to EU law when processing EU personal data in the US. The Shield framework has been deemed “adequate” by the European Commission – meaning EU personal data can flow to Shield-certified companies.

Now that we’ve walked through the answers to these common questions on data privacy and storage, let’s take a look at how Cisco Umbrella can help you maintain compliance with GDPR, while protecting against threats on the internet.

How does Cisco Umbrella help with EU data privacy? 

Cisco Umbrella provides the first line of defense against threats on the internet, wherever your users go – on or off the network.  Umbrella uses DNS to stop threats over all ports and protocols — even direct-to-IP connections so you can stop malware before it reaches your endpoints or network.

And yes, Umbrella stores important data so that you can see historical trends and keep your network secure. But, the new EU data warehouse for Cisco Umbrella log storage promises to make your life a little less complicated and enhance your data privacy. With Umbrella, you have one less thing to worry about.

If you’re interested in learning more about Cisco Umbrella privacy, go here.

Learn more about Cisco Umbrella here.

Leave a comment

We'd love to hear from you! Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.