What is GDPR?
- The General Data Protection Regulation (GDPR) is a new regulation in the European Union regarding data protection and privacy for residents of the European Union.
- The ultimate aim of the GDPR is to give EU residents complete control over their personal data - what, how, why, where, and when their personal data is used, processed, or disposed of.
- The GDPR consolidates different regulations across the European Union member states into a single, central standard.
- Personal data refers to all data that relates to an identifiable natural person including name, address, ID numbers, web data (location, IP address, cookie data), RFID, etc.
How does it affect businesses?
- Any company that handles EU residents' personal data should become GDPR-compliant on or before May 25, 2018.
- On violation, regulatory bodies will levy huge fines of up to €20M or 4% of the company's global annual revenue for the preceding financial year, whichever is higher.
How can Zoho Vault help in your GDPR journey?
Safeguard confidential data
Zoho Vault can help you securely store all your confidential data (including personal data), such as login credentials (username, password), documents, social security numbers, bank account details, and credit card numbers, in a highly secure, encrypted, centralized repository for easy access and management.
Enforce password policies
You can improve the overall security of your company's web accounts by enforcing stronger password policies based on your requirements. Users can also run a password assessment report and find out in real time the overall password strength of both their personal and enterprise accounts.
Securely manage enterprise accounts
With Zoho Vault, users can share passwords of enterprise accounts with team members based on roles and different levels of access permissions. There's also a provision to share passwords with contractors and temporary workers.
Control access to critical data
Administrators can quickly add users into Zoho Vault from G Suite, Office 365, Microsoft AD/LDAP, and Azure, share passwords with them, provide single sign-on access to cloud apps, and instantly deny access whenever a user is removed. You can also forcefully acquire passwords when a user is leaving your company on bad terms.
Track user actions
You can capture the user activities on your enterprise passwords in audit trails that run around the clock. The audit trails are tamper-proof and cannot be deleted.
Gain security insights
Administrators can gain a complete picture of which users have access to which passwords, the overall password strength of the company, unchanged passwords, etc.
How does Zoho Vault ensure the protection of personal data?
- All confidential data is encrypted in the browser with AES-256 encryption using the user's passphrase which only the user knows.
- The encrypted data is securely transmitted over SSL and stored in Zoho's infrastructure, with multiple data centers across the USA and Europe.
- Data of user accounts created at www.zoho.eu/vault resides only in our EU data centers.
- Administrators can enforce two-factor authentication for an additional level of security and also configure role-based access.
- User actions on passwords are captured with IP addresses and time stamps. Audit logs are tamper-proof and cannot be deleted.
- Exports of audits and reports are password protected.
- Administrators' activities on audit logs are also logged in the audit activity tab.
- The basic design of Zoho Vault revolves around the concept of password ownership and sharing. Users can access only the secrets that are owned by them or shared with them.
- Users can also classify a secret as 'Personal' or 'Enterprise' while adding it. Administrators can never view, modify, delete, acquire, or export secrets that are added under the 'Personal' category.
- Users can log in to their Zoho Vault anytime and edit their account information.
- Alternatively, users can also drop an email to firstname.lastname@example.org to modify and/or delete any information we have about them.
Right to be forgotten
- By default, user data will be deleted 30 days after user deletion in Zoho Vault.
- Administrators can configure the user data retention period in the privacy settings.
Notification on data breach
- Administrators will receive alerts via email when a user is trying to access Vault from restricted IP addresses.
- Users will also be alerted when their account has had five unsuccessful passphrase attempts.
Right to data portability
- Users get an option to easily export secrets stored in Zoho Vault in either Zoho Vault CSV or General CSV format.
- Administrators can also control whether users can or cannot export their secrets.
- Administrators can mark fields in secret types and audits as personal data. The marked personal fields can be restricted from export and masked.
- User activities on enterprise passwords are logged in the audit trails 24*7*365 along with the IP address, time stamp and user agent.