Thales can help organizations comply with Brazil’s LGPD and avoid fines and breach notifications through best practice data security, including:
Brazil’s General Data Protection Law (LGPD) went into effect in 2020.
According to Article 1 of the law:
This Law provides for the processing of personal data, including by digital means, by a natural person or a legal entity of public or private law, with the purpose of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person.
Wherever you operate and whatever the regulation, you can rely on Thales to help manage your risk. Thales can help your organization comply with many of the requirements of LGPD.
Brazil’s General Data Protection Law (LGPD) requires best practice in data security for personal data and notes that personal data that has been anonymized is no longer considered to be within the scope of the law, if it cannot easily be returned to its original state by those who might obtain it.
Best practice for data security always includes:
Thales has years of experience helping organizations implement these best practices to help comply with LGPD.
Encryption and Tokenization
Thales’s CipherTrust Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases or infrastructure. Deployment of the transparent file encryption software is simple, scalable and fast, with agents installed above the file system on servers or virtual machines to enforce data security and compliance policies. Policy and encryption key management are provided by the CipherTrust Manager.
CipherTrust Tokenization dramatically reduces the cost and effort required to comply with security policies and regulatory mandates, such as LGPD. The solution delivers capabilities for database tokenization and dynamic display security. Enterprises can efficiently address their objectives for securing and pseudonymizing sensitive assets—whether they reside in data center, big data, container, or cloud environments.
CipherTrust Application Data Protection
CipherTrust Application Data Protection delivers key management, signing, and encryption services enabling comprehensive protection of files, database fields, big data selections, or data in platform-as-a-service (PaaS) environments. The solution is FIPS 140-2 Level-1 certified, based on the PKCS#11 standard and fully documented with a range of practical, use-case based extensions to the standard.
CipherTrust Application Data Protection eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution with development options including a comprehensive, traditional software development kit (SDK) for a wide range of languages and operating systems as well as a collection of RESTful APIs for the broadest platform support.
Encryption Key Management
Thales’ CipherTrust Enterprise Key Management unifies and centralizes encryption key management on premises and provides secure key management for data storage solutions. Cloud Key Management products include the CipherTrust Cloud Key Manager for centralized multi-cloud key life cycle visibility and management with FIPS 140-2 secure key storage, and Cloud Bring Your Own Key.
User Access Control
The CipherTrust Data Security Platform provides state-of-the-art user access control.
Security Intelligence Logs
CipherTrust Security Intelligence produces detailed security event logs that are easy to integrate with Security Information and Event Management (SIEM) systems to produce the kind of security reports necessary for regulatory compliance.
These enterprise network security information logs produce an auditable trail of permitted and denied access attempts from users and processes, delivering unprecedented insight into file access activities. The logs can report unusual or improper data access and accelerate the detection of insider threats, hackers, and the presence of advanced persistent threats that defeat perimeter security.