NextLabs and the GDPR: Automated, Integrated, Pervasive Protection of Personal Data

The document discusses how NextLabs solutions can help organizations comply with the GDPR by automatically classifying and protecting personal data, controlling access to personal data through attribute-based policies, and documenting compliance to meet GDPR requirements such as responding to data subject requests and data breaches.

Uploaded by

veeresh b

SOLUTION BRIEF

NextLabs and the GDPR:
Automated, Integrated, Pervasive Protection of Personal Data

NextLabs’ attribute-based policy platform secures sensitive personal
information at the data level—regardless of whether it resides inside or
outside your organization; in structured or unstructured formats; or in
applications, the cloud, or mobile devices. NextLabs solutions help you
automate the consistent enforcement of GDPR-related compliance
and security policies across the enterprise to protect personally
identifiable information (PII); monitor and control access to PII; and
prevent security violations caused by information sharing, external
breaches, and internal misuse.

Ensure the Expanded Rights of Data Subjects

If your organization captures, processes, and/or controls the personal data of people residing in the European Union (EU), you are certainly aware of the General Data Protection Regulation (GDPR) and its upcoming full implementation date of May 25, 2018. This is the most important data privacy change in 20 years, and non-compliance can lead to sanctions, fines (up to 4% of annual global turnover or €20 Million, whichever is greater), reputational damage, and individual private claims.

The GDPR protects the rights of EU residents (both citizens and non-citizens) to determine whether, when, how, and to whom their personal information is revealed and how it can be used. The regulation expands protection for special categories of personal data such as racial origin, religion, political beliefs, genetic/biometric/health data, sexual orientation, and more.

According to the GDPR, data subjects have the right to:

• Access the personal data being collected on them and understand how it’s been processed and distributed
• Rectify incorrect personal data
• Erase their personal data (the “right to be forgotten”)
• Restrict how they use their personal data
• Receive data that they have previously provided
• Be notified “without undue delay” when their personal data is involved in a breach that is likely to result in high risk to their “rights and freedoms”

GDPR Impact on IT, Security, and Compliance

To meet all the requirements specified in the regulation (including data subjects’ expanded rights), IT, Security, and Compliance leaders must be able to:

• Identify and classify all sources of personal data the organization has in its control, and know where that data is at all times
• Control access to personal data, so that only those with proper authorization are able to view or perform actions on it
• Document compliance with the GDPR, and have an audit trail of how, when, and where the personal data is used—both within and outside the organization

To ensure full compliance with the GDPR, organizations need a system that can automate policy enforcement to remove the chance for user error. The solution must also keep user attributes up to date without human intervention. In order to adequately protect PII, data must be secured directly, protecting data that is shared across the extended enterprise (customers, partners, service providers, users) and no matter which device is used to access it.

NextLabs has these capabilities built into its platform, data protection, and application security solutions. Out of the box, NextLabs offers the “data protection by design and by default” required by Article 25 of the GDPR.

Identify and Classify Personal Data

Accurately classifying data is key to ensuring adequate protection of PII. It is not possible to comply with the requests of data subjects to access, rectify, erase, restrict, and receive their personal data unless you first know precisely which data is sensitive and where that data resides—both inside and outside the organization, whether on premise or in the cloud.

Besides tracking the location of PII, data classification also lets you set up the actions people can take when they access it. You can define access and usage policies associated with each type of classification.

NextLabs works with any file type and automatically classifies large file repositories based on your predefined rules, keywords, and metadata. For example, because the GDPR has restrictions on handling PII as it relates to children, you’ll want to track data subjects’ age and set permitted actions on the data. (Note that you can categorize personal data by any of the protected categories, whether religion, gender, or more.) NextLabs can categorize personal data whether it resides in structured or unstructured data formats. It can also:

• Automatically do batch classification based on your rules, using content analysis to search for your desired keywords and metadata
• Apply rules-based protection to sensitive files
• Segregate sensitive data into certain classified directories
• Scan incremental changes at time intervals you specify, to ensure data is always properly classified
• Centrally manage your rules, and create reports to show how your organization is distributing and storing personal data

Control Access to Personal Data

In the extended enterprise, where we share sensitive data across organizations, over external systems, and with unknown users and devices, implementing authorization policies consistently can seem an impossible challenge. In a typical scenario, each application and system silo has authorization policies that are redundant, difficult to change, and costly to maintain. NextLabs’ centralized policy management accelerates data protection and compliance.

The NextLabs platform is identity-aware, content-aware, and context-aware. It automatically applies protections to data based on its content—rather than relying on end users to manually apply policies to each and every document.

The system makes authorization decisions at runtime, using contextual information—or attributes—about the user (for example, title, department, project); the data (classification, category, type, content); and environment (device, location, time of day). This enables fine-grained decisions to ensure that only the right people gain access to sensitive information.

These data protections are persistent. NextLabs secures sensitive personal information at the data level, whether that data resides inside or outside your organization; in structured or unstructured formats; or in applications, the cloud, or mobile devices. In addition, you can:

• Mask, delete, and redact fields to comply with Article 9 (increased protection for special categories of PII)
• Filter data so users see only the information they’re authorized to see
• Fulfill a data subject’s request to be forgotten by setting attributes for a specific time period/end date (followed by deletion or inability to access)
• Encrypt data so that PII is securely protected, even in the case of a breach
• Segregate data to ensure only those who have rights can see the data
• Protect across multiple systems based on the same user attributes

Document Compliance with the GDPR

The GDPR requires that organizations report data breaches to the supervisory authority within 72 hours, and report which data was compromised and how many data subjects it affected. In addition, you must be able to demonstrate compliance with all relevant articles of the GDPR and verify that your value chain partners are in compliance as well.

An added complication for compliance is that individual EU countries may have other data protection regulations on top of the GDPR mandate, which makes adhering to regulations across country lines more complex. NextLabs’ fine-grained policies can account for local or country-specific differences and grant access rights accordingly—making the process streamlined and easy to enforce.

© 2007-2017 NEXTLABS INC. ALL RIGHTS RESERVED


NextLabs helps you comply with the GDPR and document your compliance by centralizing policy management with full visibility and control. Organizations can centrally control the creation, enforcement, and management of security policies across all applications and systems—ensuring that policies are aligned with business objectives and are applied consistently across the enterprise.

Comprehensive monitoring and reporting on user activity and data access provides enhanced audit and compliance capabilities and allows organizations to detect anomalies in access patterns and alert administrators of suspicious behavior—even before a breach occurs.

The NextLabs platform supplies always-on event monitoring and logging across your extended enterprise, so that users with the proper access can view:

• Usage patterns
• Authorization decisions
• Trend analysis
• Audit trails for all data usage

[Figure: diagram labeled “Information Sharing Policies”, “Business policy evaluation”, “Business policy enforcement”, “Customers”, “Partners”, “Vendors”, “Users”, and “PII”, with the captions: “Centralized policy management automates consistent enforcement of GDPR-related compliance and security policies”; “System uses attributes about the USER, DATA, and ENVIRONMENT to make authorization decisions at time of request”; “System applies policies consistently — across devices, the cloud, and the extended enterprise”; “Only authorized users have access to sensitive personal data”.]

How NextLabs Ensures GDPR Compliance

Simply putting data security tools and processes in place does not ensure that an organization is actually protecting sensitive data to the degree required by the GDPR. NextLabs uniquely ensures full GDPR compliance through its automated, integrated, and pervasive protection of PII:

• GDPR policies are created and managed in a single platform, and are enforced consistently and automatically across the enterprise. Organizations have full visibility into which policies are enforced.
• Protection of PII is pervasive, no matter where the data resides: cloud, laptops, mobile devices, or file servers. Data protection is persistent throughout the lifecycle regardless of where it goes.
• Policies are easily amended or updated and the system automatically enforces the new policies across the extended enterprise.
• As user status changes (for example, team members leave a project), the system automatically takes status changes into account when evaluating access requests so the most current information is used to determine whether access should be granted.
• Centralized visibility and reporting provides a real-time view of data access and usage, regardless of where the data goes.

ABOUT NEXTLABS

NextLabs®, Inc. provides data-centric security software to protect business-critical data and applications. Our patented dynamic-authorization technology and industry-leading attribute-based policy platform help enterprises identify and protect sensitive data, monitor and control access to the data, and prevent regulatory violations—whether in the cloud or on premise. The software automates enforcement of security controls and compliance policies to enable secure information sharing across the extended enterprise.

NextLabs has some of the largest global enterprises as customers and has strategic relationships with industry leaders such as SAP, Siemens, Microsoft, and IBM.

For more information on NextLabs, please visit http://www.nextlabs.com.
