Data security measures for GDPR Article 32 compliance.
Gatekeeper is a proximity-based identification and authentication solution using a physical dongle. A user must be physically present to access a workstation.
"Most screens auto-lock...but that's easily long enough for somebody to glance through your emails or copy your data somewhere else which with the introduction of GDPR in May could prove a legislative nightmare and risk for your company.
It's a simple idea, extremely effective and greatly improves workstation security in your business and employees love it as most importantly it is easy to use. GateKeeper allows for very complex passwords to be set on servers as no one needs to remember them."
Custard Technical Services
GateKeeper Enterprise GDPR Compliance Summary
Resilience in access control. GateKeeper fits the needs of organizations seeking to meet GDPR compliance requirements in Article 32. GateKeeper easily connects to syslog servers and integrates with enterprise security architecture.
GDPR Technical Requirements
Article 32 Compliance Description: Data security measures should, at a minimum, allow:
- Pseudonymizing or encrypting personal data.
- Maintaining ongoing confidentiality, integrity, availability, access, and resilience of processing systems and services.
- Restoring the availability of and access to personal data, in the event of a physical or technical security breach.
- Testing and evaluating the effectiveness of technical and organization measures.
|Requirement||Description||Article Number||GateKeeper Response|
|Change Management||Monitors, logs, and reports changes. Shows compliance auditors that changes to the actions can be traced.||32||GateKeeper is a proximity-based identification and authentication solution using a physical dongle. A user must be physically present to access a workstation. Audit logs of physical access using GateKeeper are stored indefinitely on the GateKeeper Enterprise server. Additionally, GateKeeper Enterprise provides robust auditing capabilities that identifies when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely. GateKeeper can connect to a syslog server and integrate with an enterprise security architecture. Authorized admins have the ability to export audit logs to further enable audit review, analysis, and reporting processes.
|Data Masking||Anonymizes data via encryption/hashing, generalization, perturbation, etc. Pseudonymizes data by replacing sensitive data with realistic fictional data that maintains operational and statistical accuracy.||32||GateKeeper uses AES-256 to store and transmit passwords, PIN logins are obscured, and all authentication information is obscured.|
|User Rights Management||Identifies excessive, inappropriate, and unused privileges.||32||GateKeeper Enterprise provides proximity-based authentication and authorization to workstations. Using GK Enterprise, an organization can granularly assign access permissions to individuals/groups on a per workstation basis. This helps enforce the concept of least privilege on a system level.|
|User Tracking||Maps end user to the system or data accessed.||32||GateKeeper Enterprise provides robust auditing capabilities that identify when an individual user was in proximity to a workstation and successfully locked/unlocked it. These audit logs are retained indefinitely.|
GateKeeper Enterprise 45-Day Trial
GateKeeper offers special pricing so you or your organization can try Enterprise before implementing on your entire network. All test packages include deployment assistance, premium support, and additional subscription discounts.