Coalfire Report: Egress can help with GDPR compliance

by Egress
Published on 6th Mar 2019

Interested in understanding how Egress can help your organisation with GDPR compliance?

Coalfire have conducted an independent technical assessment of the Egress platform to determine the solution’s suitability for meeting EU GDPR controls for protection of personal data. This included technical testing, architectural assessment, and compliance validation. Read the white paper here.

GDPR articles covered by the Egress platform

Coalfire's conclusion was that the Egress platform can help an organisation meet the following requirements of the GDPR:

  • Article 15 – Right of access by the data subject
  • Article 17 – Right to erasure (‘right to be forgotten’)
  • Article 18 – Right to restriction of processing
  • Article 19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing
  • Article 28 – Processor
  • Article 32 – Security of processing
  • Article 33 – Notification of a personal data breach to a supervisory authority
  • Article 34 – Communication of a personal data breach to the data subject

Coalfire also confirmed that:

  • The Egress platform implements encryption for securing messages and data at rest by providing AES 256-bit encryption of all data
  • The strong encryption keys used are stored securely by the Egress platform
  • All session-level communication over the public internet is always TLS-protected in transit 

What does Egress provide for GDPR compliance?

Egress can help organisations:

  • Generate comprehensive reports about how personal data is shared and accessed
  • Maintain detailed logs of all actions performed by users and systems
  • Classify emails and files allowing sensitive personal content to be identified for appropriate handling 
  • Perform both ad-hoc and ongoing investigations into email behaviour, especially the handling of personal information 
  • Conduct subject access requests or legal e-discovery requests by searching both encrypted and plain text emails, then deliver results in encrypted format
  • Develop policies for data deletion after retention periods end or upon request
  • Provide tamper-proof copies of all data shared, preserving its integrity
  • Digitally sign and encrypted emails for integrity and confidentiality
  • Protect data using AES 256-bit encryption

Key points from the Coalfire white paper

  • "Egress can help organisations meet applicable sections of the GDPR and form part of the appropriate technical measures that organisations are required to implement"
  • "Egress demonstrated a high level of flexibility for managing access to shared personal data, customisation and enforcement of organisational policies, analysis of shared data, and protection mechanisms used for shared data"
System.InvalidOperationException: The partial view '/app_plugins/doctypegrideditor/views/doctypegrideditor.cshtml' was not found or no view engine supports the searched locations. The following locations were searched:
   at System.Web.Mvc.HtmlHelper.FindPartialView(ViewContext viewContext, String partialViewName, ViewEngineCollection viewEngineCollection)
   at System.Web.Mvc.HtmlHelper.RenderPartialInternal(String partialViewName, ViewDataDictionary viewData, Object model, TextWriter writer, ViewEngineCollection viewEngineCollection)
   at System.Web.Mvc.Html.PartialExtensions.Partial(HtmlHelper htmlHelper, String partialViewName, Object model, ViewDataDictionary viewData)
   at ASP._Page_Views_Partials_grid_editors_Base_cshtml.Execute() in C:\home\site\wwwroot\Views\Partials\grid\editors\Base.cshtml:line 20