Important functionalities of this type of HSM that help address GDPR requirements include:

Fine-grained access controls for users and data: Only the authorized processor can access the HSM encryption keys protecting the needed data, and only for the duration for which a business case exists as required by GDPR.
Tokenization: Consumers can use HSM to tokenize primary account numbers, addresses, date of birth, etc., to reduce the possibility of wrongful exposure.
Key destruction: Once a key is destroyed, no one (not even the organization, HSM-as-a-Service provider, or the user) can restore it. As a result, financial organizations can easily remove access to certain data.
Data-masking: This masks private data before it is processed in a test cluster, greatly reducing the GDPR compliance surface.
The right to be forgotten: If a consumer requests data erasure, the decryption key can be deleted. Such a deletion is logged into the central audit log and is irreversible. Financial organizations are assured that data cannot be accessed once the key has been deleted.
Portability of encryption keys: Personal data can be encrypted and the keys marked exportable.
Geo-fencing: Financial organizations can leverage this technology to adopt policies based on the location of data.
Global logging: All access to private information is automatically logged in a centrally viewable, tamper-proof global audit trail. There is never any confusion about who accessed which data and when.

Financial organizations should consider an HSM-as-a-Service that works seamlessly across nations to secure information spanning multiple regions, data centers and cloud environments. It should also offer telecom-grade service availability.

Instant Insights /

Address GDPR With Module-as-a-Service

Related Stories

Recommended For You