EU Data Protection
The European Union (EU) Data Protection Directive was enacted in 1995. The directive establishes guidelines that the 25 EU member states must adhere to when monitoring workforce activity and collecting Personally Identifiable Information (PII).
Key facts and data security requirements you should know
- Workplace monitoring is justified only if it protects legitimate business needs, and goes no further than is necessary to meet those needs (a.k.a. the Principle of Proportionality)
- The Directive forbids the blanket collection and analysis of all employee transactions; information gathered must be the minimum required to detect potential data loss incidents
- Access to confidential incident data on workers is limited to a need-to-know basis
- The Directive is a framework to protect workers' privacy rights, not a legal mandate
- Each state enforces the directive in a different manner, which makes uniform compliance difficult
- Some member nations have worker privacy laws written into their constitutions, while others have passed no regulations at all.
Proven EU Directive protection
| FORTUNE 25 company relies on Vontu Network Monitor to protect confidential information while adhering to the EU Data Protection Directive |
|---|
| A FORTUNE 25 global enterprise initiated a company-wide risk management program to tightly control workforce information on more than 150,000 employees and meet stringent EU Data Protection privacy requirements. The company needed stronger data security policies, better incident management controls, and the ability to monitor millions of email and other communications per day in compliance with the EU Data Protection Directive. The company selected Vontu Network Monitor for its detection accuracy and scale across multiple communication protocols such as SMTP, HTTP, and FTP. To address the EU Data Protection Directive, the company leveraged Vontu's group-based policy, which was configured to monitor based on worker attributes such as business unit and geography. With Vontu Network Monitor, they are able to better protect private company data and brand reputation while demonstrating compliance with EU privacy laws. |
How Vontu solutions demonstrate compliance with the EU Data Protection Directive
Vontu solutions provide comprehensive data loss prevention for any organization that has operations, affiliates, or employees in the EU, or that collects or processes PII from EU residents. Advantages include:
- Pre-defined EU Data Protection Directive Policy Template with rules-based matching technology and patented TrueMatch™ detection for the highest accuracy in the industry across all content and groups of people
- Comply with organization privacy notices through policy-based monitoring
- Targeted monitoring that safeguards employees' privacy by treating the sender's identity as "need-to-know", and collects only data that violates stated policy
- Deep content inspection ensures high accuracy and minimal false positives, which reduces the risk of collecting information that doesn't violate policy
- Role-Based Access Control enables business units and departments to review and remediate only those PII incidents based on authorization levels
- Easily provide individuals or Works Council representatives with access to specific information through pre-built EU Data Directive compliance reports and logging of changes to policies and of all activities taken in response to an incident.


