Overview
On May 25, 2018, the General Data Protection Regulation (GDPR) took effect in the European Union (EU). The new regulation imposes broad new data privacy protections for EU individuals and applies to any company that collects or handles EU personal data, regardless of the company's location. This article describes the steps we've taken to implement GDPR-compliant functionality in GFI products before GDPR enforcement begins.
Information
GFI is committed to helping its customers comply with GDPR through robust privacy and security protections in its products and services.
describe the steps we've taken to implement GDPR-compliant functionality in GFI products before GDPR enforcement begins.
How GFI addresses GDPR requirements
GFI is taking a multi-level approach to fulfill GDPR product compliance requirements with minimal impact to customers:
- Infrastructure - Addressing core infrastructure requirements around encryption, backups, and data retention.
- User Interface - Addressing additional GDPR needs through the existing user interface and APIs.
GDPR requirements by product
- GFI Archiver®
- GFI EndPointSecurity®
- GFI Events Manager®
- GFI FaxMake®
- GFI FaxMaker® Online
- GFI LanGuard®
- GFI MailEssentials®
- GFI OneConnect™
- GFI OneGuard™
- Exinda Network Orchestrator®
- Kerio® Connect
- Kerio® Control
- Kerio® Operator
- MyKerio®
GFI® Archiver
Infrastructure
User Interface
General recommendations
- User Interface: Select HTTPS setting via IIS Admin console.
- Database: Encrypt at DB level.
- Configuration: Encrypt via disk-level encryption.
GFI EventsManager®
Infrastructure
User Interface
General recommendations
- Configuration & Data: Encrypt via disk-level encryption.
GFI FaxMaker®
Infrastructure
User Interface
General recommendations
- User Interface: Select HTTPS setting via IIS Admin console.
- Database: Encrypt at DB level.
- Configuration: Encrypt via disk-level encryption.
GFI FaxMaker® Online
Hosted Infrastructure
User Interface
GFI MailEssentials®
Infrastructure
User Interface
General recommendations
- User Interface: Select HTTPS setting via IIS Admin console.
- Quarantined metadata: Encrypt via disk-level encryption.
- Quarantine Emails: Currently encrypted. Additional level of encryption can be achieved via disk-level encryption.
- Configuration: Encrypt via disk-level encryption.
GFI OneConnect™
Hosted Infrastructure
User Interface
GFI OneGuard™
Infrastructure
User Interface
General recommendations
- User Interface: Select HTTPS setting via IIS Admin console.
- Databases: Microsoft SQL Server - encrypt at database level. LocalDB or Microsoft SQL Server Express - encrypt via disk-level encryption.
- Configuration: Encrypt via disk-level encryption.
Exinda Network Orchestrator®
Infrastructure
User Interface
General recommendations
- User Interface: Select HTTPS setting via IIS Admin console.
- Databases: Encrypt at DB level.
- Configuration: Encrypt via disk-level encryption.
Kerio® Connect
Infrastructure
User Interface
General recommendations for on-premises installations
- User Interface: Use an externally validated certificate for HTTPs communication.
- Databases: Ensure enabled protocols are secure.
- Disk: Microsoft Windows installations - enable disk-based encryption using Bitlocker, Apple Mac - enable disk based encryption using FileVault2.
Kerio® Control
Infrastructure
User Interface
Kerio® Operator
Infrastructure
User Interface
MyKerio
Hosted Infrastructure
User Interface
GFI EndPointSecurity®
GFI EndPointSecurity does not store or transmit any user data, and therefore the product does not have GDPR-specific functionality.
In specific industries where application and IP addresses or machine names are a privacy concern, then database and disk-based encryption can be enabled.
GFI LanGuard®
GFI LanGuard does not store or transmit any user data, and therefore is not affected by GDPR.
In specific industries where application and IP addresses or machine names are a privacy concern, then disk-based encryption can be enabled.
We're here to help
If you have any additional questions or need assistance, please contact support. GFI's support team is available to assist with the configuration necessary to achieve GDPR compliance. For more information, please contact your GFI Distributor or account manager.
Legal Notices
Copyright © 2018. GFI Software IP Sarl and GFI Software Ltd (collectively, “GFI”). All Rights Reserved. These materials and all GFI products are copyrighted and all rights are reserved by GFI. GFI, GFI EndPointSecurity, GFI EventsManager, GFI FaxMaker, GFI LanGuard, and GFI MailEssentials are registered trademarks, and GFI OneConnect and GFI OneGuard are trademarks, of GFI Software IP Sarl in the United States and/or other countries. FaxMaker and LanGuard are registered trademarks of GFI Software Ltd. in the United States and/or other countries. Exinda Network Orchestrator is a registered trademark of Exinda Inc. in the United States and/or other countries. Kerio is a registered trademark of Kerio Technologies Inc. in the United States and/or other countries. All other marks contained herein are for informational purposes only and may be trademarks of their respective owners.
The information in these materials is for informational purposes only and GFI and its affiliates assume no responsibility for any errors that may appear herein. GFI reserves the right to revise this information and to make changes from time to time to the content hereof without obligation of GFI to notify any person of such revisions or changes. GFI MAKES NO EXPRESS GUARANTEES OR ANY GUARANTEES IMPLYING LEGAL INTENT WITHIN THIS DOCUMENT. The content of this document is not intended to represent any recommendation on the part of GFI. Please consult your legal and compliance advisors to confirm that your use of this document is appropriate, that it contains the appropriate disclosures for your business, and is appropriate for the intended use and audience.
This document may provide access to or information on content, products, or services from third parties. GFI is not responsible for third party content referenced herein or for any changes or updates to such third-party sites, and you bear all risks associated with the access to, and use of, such web sites and third-party content. GFI and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.