Coalfire Report: Egress can help with GDPR compliance
Interested in understanding how Egress can help your organization with GDPR compliance?
Coalfire have conducted an independent technical assessment of the Egress platform to determine the solution’s suitability for meeting EU GDPR controls for protection of personal data. This included technical testing, architectural assessment, and compliance validation. Read the white paper here.
GDPR articles covered by the Egress platform
Coalfire's conclusion was that the Egress platform can help an organization meet the following requirements of the GDPR:
- Article 15 – Right of access by the data subject
- Article 17 – Right to erasure (‘right to be forgotten’)
- Article 18 – Right to restriction of processing
- Article 19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Article 28 – Processor
- Article 32 – Security of processing
- Article 33 – Notification of a personal data breach to a supervisory authority
- Article 34 – Communication of a personal data breach to the data subject
Coalfire also confirmed that:
- The Egress platform implements encryption for securing messages and data at rest by providing AES 256-bit encryption of all data
- The strong encryption keys used are stored securely by the Egress platform
- All session-level communication over the public internet is always TLS-protected in transit
What does Egress provide for GDPR compliance?
Egress can help organizations:
- Generate comprehensive reports about how personal data is shared and accessed
- Maintain detailed logs of all actions performed by users and systems
- Classify emails and files allowing sensitive personal content to be identified for appropriate handling
- Perform both ad-hoc and ongoing investigations into email behavior, especially the handling of personal information
- Conduct subject access requests or legal e-discovery requests by searching both encrypted and plain text emails, then deliver results in encrypted format
- Develop policies for data deletion after retention periods end or upon request
- Provide tamper-proof copies of all data shared, preserving its integrity
- Digitally sign and encrypt emails for integrity and confidentiality
- Protect data using AES 256-bit encryption
Key points from the Coalfire white paper
- "Egress can help organizations meet applicable sections of the GDPR and form part of the appropriate technical measures that organizations are required to implement"
- "Egress demonstrated a high level of flexibility for managing access to shared personal data, customization and enforcement of organizational policies, analysis of shared data, and protection mechanisms used for shared data"