Health Information (PHI) FAQs](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi#faqs?ts=markdown) * [What Is the California Consumer Privacy Act (CCPA)?](https://www.paloaltonetworks.com/cyberpedia/ccpa?ts=markdown) * [California Consumer Privacy Act (CCPA) Explained](https://www.paloaltonetworks.com/cyberpedia/ccpa#ccpa?ts=markdown) * [How Does the CCPA Define Personal Information?](https://www.paloaltonetworks.com/cyberpedia/ccpa#how?ts=markdown) * [CCPA Vs. GDPR](https://www.paloaltonetworks.com/cyberpedia/ccpa#compare?ts=markdown) * [Container Firewall FAQs](https://www.paloaltonetworks.com/cyberpedia/ccpa#faq?ts=markdown) * [An Overview of FedRAMP and Why You Should Care About It](https://www.paloaltonetworks.com/cyberpedia/fedramp-overview?ts=markdown) * [Advantages of FedRAMP for Federal Agencies](https://www.paloaltonetworks.com/cyberpedia/fedramp-overview#advantages?ts=markdown) * [Other Parties That May Be Interested in FedRAMP](https://www.paloaltonetworks.com/cyberpedia/fedramp-overview#other?ts=markdown) * [More Information](https://www.paloaltonetworks.com/cyberpedia/fedramp-overview#more?ts=markdown) * [What Is Data Governance?](https://www.paloaltonetworks.com/cyberpedia/data-governance?ts=markdown) * [Data Governance Explained](https://www.paloaltonetworks.com/cyberpedia/data-governance#data?ts=markdown) * [Why Data Governance Matters](https://www.paloaltonetworks.com/cyberpedia/data-governance#why?ts=markdown) * [The Benefits of Data Governance](https://www.paloaltonetworks.com/cyberpedia/data-governance#benefits?ts=markdown) * [Enterprise Data Governance Challenges](https://www.paloaltonetworks.com/cyberpedia/data-governance#enterprise?ts=markdown) * [Cloud Data Governance Challenges](https://www.paloaltonetworks.com/cyberpedia/data-governance#cloud?ts=markdown) * [Data Governance Strategy](https://www.paloaltonetworks.com/cyberpedia/data-governance#data-governance?ts=markdown) * [Building a Strong Data Governance 
Framework](https://www.paloaltonetworks.com/cyberpedia/data-governance#building?ts=markdown) * [Data Governance Best Practices: Tips and Strategies](https://www.paloaltonetworks.com/cyberpedia/data-governance#best-practices?ts=markdown) * [Securing Data Access: The Importance of Data Access Governance](https://www.paloaltonetworks.com/cyberpedia/data-governance#securing?ts=markdown) * [Unlock the Full Potential of Your Data with Comprehensive Data Governance Capabilities](https://www.paloaltonetworks.com/cyberpedia/data-governance#unlock?ts=markdown) * [Data Governance FAQs](https://www.paloaltonetworks.com/cyberpedia/data-governance#faqs?ts=markdown) * [What is the Difference between FISMA and FedRAMP?](https://www.paloaltonetworks.com/cyberpedia/difference-between-fisma-and-fedramp?ts=markdown) * [Simplified Healthcare Compliance and Risk Management with Prisma Cloud](https://www.paloaltonetworks.com/cyberpedia/simplified-healthcare-compliance-and-risk-management-with-prisma-cloud?ts=markdown) * [What Is Data Privacy?](https://www.paloaltonetworks.com/cyberpedia/data-privacy?ts=markdown) * [Data Privacy Explained](https://www.paloaltonetworks.com/cyberpedia/data-privacy#data?ts=markdown) * [Why Is Data Privacy Crucial for Businesses and Consumers?](https://www.paloaltonetworks.com/cyberpedia/data-privacy#why?ts=markdown) * [What Are the Use Cases for Data Privacy?](https://www.paloaltonetworks.com/cyberpedia/data-privacy#what?ts=markdown) * [‍Data Privacy FAQs](https://www.paloaltonetworks.com/cyberpedia/data-privacy#faqs?ts=markdown) * [How to Maintain AWS Compliance](https://www.paloaltonetworks.com/cyberpedia/how-to-maintain-aws-compliance?ts=markdown) * [What Is Data Compliance?](https://www.paloaltonetworks.com/cyberpedia/data-compliance?ts=markdown) * [Data Compliance Explained](https://www.paloaltonetworks.com/cyberpedia/data-compliance#data?ts=markdown) * [Why Is Data Compliance 
Important?](https://www.paloaltonetworks.com/cyberpedia/data-compliance#why?ts=markdown) * [Cloud Challenges Data Compliance](https://www.paloaltonetworks.com/cyberpedia/data-compliance#cloud?ts=markdown) * [Data Compliance Varies Across Industries](https://www.paloaltonetworks.com/cyberpedia/data-compliance#varies?ts=markdown) * [Meeting Data Compliance Standards](https://www.paloaltonetworks.com/cyberpedia/data-compliance#meeting?ts=markdown) * [Data Compliance FAQs](https://www.paloaltonetworks.com/cyberpedia/data-compliance#faqs?ts=markdown) * [What Is NIST?](https://www.paloaltonetworks.com/cyberpedia/nist?ts=markdown) * [NIST Explained](https://www.paloaltonetworks.com/cyberpedia/nist#nist?ts=markdown) * [The NIST Secure Software Development Framework (SSDF)](https://www.paloaltonetworks.com/cyberpedia/nist#the?ts=markdown) * [What Do Nist Guidelines Cover?](https://www.paloaltonetworks.com/cyberpedia/nist#what?ts=markdown) * [CSF Vs. SSDF](https://www.paloaltonetworks.com/cyberpedia/nist#vs?ts=markdown) * [‍NIST FAQs](https://www.paloaltonetworks.com/cyberpedia/nist#faqs?ts=markdown) * [What Is Data Privacy Compliance?](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance?ts=markdown) * [Database Security in Public Clouds](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance#database?ts=markdown) * [Elements of Database Security](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance#elements?ts=markdown) * [Database Security: 8 Best Practices](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance#security?ts=markdown) * [Database Security FAQs](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance#faqs?ts=markdown) * [How The Next-Generation Security Platform Contributes to GDPR Compliance](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance?ts=markdown) * [Data Breach 
Prevention](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance#data?ts=markdown) * [Managing Security Processes Centrally](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance#managing?ts=markdown) * [Preventing Data Exfiltration or Leakage](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance#preventing?ts=markdown) * [Data Breach Notification](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance#breach?ts=markdown) * [What Is PCI DSS?](https://www.paloaltonetworks.com/cyberpedia/pci-dss?ts=markdown) * [PCI DSS Explained](https://www.paloaltonetworks.com/cyberpedia/pci-dss#pci?ts=markdown) * [Why PCI DSS Compliance Is Important](https://www.paloaltonetworks.com/cyberpedia/pci-dss#why?ts=markdown) * [PCI DSS Requirements](https://www.paloaltonetworks.com/cyberpedia/pci-dss#dss?ts=markdown) * [Technical Best Practices for PCI DSS Compliance](https://www.paloaltonetworks.com/cyberpedia/pci-dss#technical?ts=markdown) * [Preparing for a PCI DSS Assessment](https://www.paloaltonetworks.com/cyberpedia/pci-dss#preparing?ts=markdown) * [PCI DSS FAQs](https://www.paloaltonetworks.com/cyberpedia/pci-dss#faqs?ts=markdown) * [What Is PII?](https://www.paloaltonetworks.com/cyberpedia/pii?ts=markdown) * [Personally Identifiable Information (PII) Explained](https://www.paloaltonetworks.com/cyberpedia/pii#personally?ts=markdown) * [Why Is PII Important?](https://www.paloaltonetworks.com/cyberpedia/pii#why?ts=markdown) * [PII Worldwide](https://www.paloaltonetworks.com/cyberpedia/pii#pii?ts=markdown) * [Personal Data Vs. PII](https://www.paloaltonetworks.com/cyberpedia/pii#vs?ts=markdown) * [PHI Vs. 
# What Is GDPR Compliance?

Table of Contents

* [What Is GDPR?](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#what?ts=markdown)
* [GDPR & Data Sovereignty](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#sovereignty?ts=markdown)
* [Key Principles of the GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#key?ts=markdown)
* [GDPR Requirements](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#gdpr?ts=markdown)
* [GDPR FAQs](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#faqs?ts=markdown)

GDPR compliance refers to adhering to the General Data Protection Regulation (GDPR), a set of rules established by the European Union (EU) to protect individuals' personal data and privacy. Compliance involves implementing appropriate technical and organizational measures to ensure data protection, including obtaining explicit consent for data collection, limiting data processing to specific purposes, and ensuring data accuracy. Organizations must also establish secure storage and data breach protocols, provide individuals with access to and control over their data, and meet legal requirements for processing sensitive information. Noncompliance may result in hefty fines, up to 4% of annual global revenue or €20 million, whichever is greater.

## What Is GDPR?

The General Data Protection Regulation (GDPR) is EU legislation that came into effect on May 25, 2018. It has wide-reaching implications for data protection and security. GDPR applies to any organization that operates in the European Union (EU), but also to organizations that offer goods or services to EU residents, regardless of where these organizations are located.

Under the GDPR, organizations must gain explicit consent to collect, use, or process personal data. They also need a lawful basis for processing the data, such as a contract with the individual or a legitimate interest in processing the data. This gives EU residents much more control over personal data, or data that can be used to identify them.

Other protections established or strengthened in the GDPR include:

* Strict rules on [data security](https://www.paloaltonetworks.com/cyberpedia/what-is-data-security?ts=markdown) and [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown)
* An individual's right to access and control their personal data
* A right to request that personal data be erased (e.g., the "right to be forgotten")
* A right to data portability, i.e., to request and receive a readable copy of your personal data

A violation of the GDPR can be costly: fines can be up to 4% of an organization's annual global revenue or €20 million, whichever is greater.

While the GDPR does not specifically mention cloud storage, it does apply when a company is processing personal data in the cloud. Organizations must ensure that they comply with the GDPR's requirements when using cloud storage to store personal data of individuals within the EU.

The GDPR has had a significant impact on how organizations handle personal data and has set a new global standard for data protection laws.

## GDPR & Data Sovereignty

Data sovereignty refers to the concept that data is subject to the laws and regulations of the country where it is collected, stored, or processed. Organizations must comply with local data protection laws. In other words, data sovereignty impacts cloud storage strategies, requiring localized data centers and robust compliance measures to manage cross-border [data flows](https://www.paloaltonetworks.com/cyberpedia/data-movement?ts=markdown) and protect sensitive information.

The GDPR significantly impacts data sovereignty by enforcing strict guidelines on data handling and storage within the EU. Organizations must ensure that [personal data](https://www.paloaltonetworks.com/cyberpedia/personal-data?ts=markdown) remains within the jurisdiction of the EU or is transferred only to countries with equivalent data protection standards. GDPR mandates explicit consent for data collection, clear data usage policies, and the right for individuals to access, correct, or delete their data.

Data sovereignty under GDPR emphasizes that data protection laws apply based on the location of the data subject, not the data processor. Companies must implement security measures, such as encryption and access controls. The GDPR also includes provisions for cross-border data transfers, requiring organizations to use mechanisms like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) to ensure compliance.

## Key Principles of the GDPR

### Principles Relating to Processing of Personal Data

The GDPR sets forth a series of principles relating to the processing of personal data to ensure the protection of individuals' privacy rights. These principles, outlined in Article 5 of the GDPR, serve as the foundation for responsible data processing practices and must be adhered to by organizations handling personal data within the European Union.

* **Lawfulness, fairness, and transparency:** Data processing must be conducted lawfully, fairly, and transparently, ensuring that individuals are aware of how their personal data is being collected, used, and shared. Organizations must have a valid legal basis for processing and be open about their data practices.
* **Purpose limitation:** Personal data should only be collected for specific, explicit, and legitimate purposes. Organizations must not process data in a manner incompatible with the original purpose, unless they obtain the data subject's consent or have another valid legal basis.
* **Data minimization:** Organizations should collect and process only the minimum amount of personal data necessary to fulfill the intended purpose. Excessive or irrelevant data should not be collected or retained.
* **Accuracy:** Personal data must be accurate, up-to-date, and, where necessary, corrected or deleted. Organizations should take reasonable steps to ensure that inaccurate or outdated data is rectified or removed from their systems.
* **Storage limitation:** Personal data should be stored for no longer than necessary to achieve the intended purpose. Organizations must establish time limits for data retention and ensure that data is deleted or anonymized once it is no longer needed.
* **Integrity and confidentiality:** Organizations must ensure the security and integrity of personal data by implementing appropriate technical and organizational measures. This includes safeguarding data from unauthorized access, accidental or unlawful destruction, loss, alteration, or disclosure. Measures such as encryption, access controls, and robust IT security are essential.
* **Accountability:** Organizations are responsible for demonstrating compliance with GDPR principles and must implement measures to ensure adherence. This includes maintaining records of data processing activities, conducting data protection impact assessments, and appointing a Data Protection Officer (DPO) where necessary.

By adhering to these principles, organizations can ensure that they process personal data responsibly, protecting the privacy rights of individuals and fostering trust in their data handling practices.

### Lawfulness of Processing

The GDPR principle of lawfulness of processing mandates that organizations must have a valid legal basis for processing personal data, ensuring that all data processing activities are conducted in accordance with the law. This principle, outlined in Article 6 of the GDPR, establishes six legal bases for processing personal data, which are as follows:

* **Consent:** The data subject has freely given their explicit, informed, and unambiguous consent for their personal data to be processed for a specific purpose. Consent must be easy to withdraw and should not be obtained through coercion or deception.
* **Contractual necessity:** Processing personal data is necessary for the performance of a contract to which the data subject is a party, or for taking pre-contractual steps at the data subject's request.
* **Legal obligation:** Processing is necessary for compliance with a legal obligation to which the data controller is subject. This refers to obligations arising from national or EU laws that require the processing of specific personal data.
* **Vital interests:** Processing is necessary to protect the vital interests of the data subject or another natural person. This legal basis is typically invoked in emergency situations, such as life-threatening medical conditions, where obtaining consent or fulfilling contractual obligations is not possible.
* **Public interest:** Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. This basis applies to public authorities or organizations carrying out tasks for the common good, such as public health, education, or law enforcement.
* **Legitimate interests:** Processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the rights and freedoms of the data subject. The data controller must conduct a balancing test to determine if their interests justify the processing while ensuring that the data subject's rights are not unduly compromised.

Organizations must identify and document the appropriate legal basis for each data processing activity they undertake, ensuring transparency and adherence to the GDPR principle of lawfulness of processing. This principle is fundamental in safeguarding the rights and freedoms of data subjects and promoting responsible data processing practices.

### Conditions for Consent

The GDPR principle of Conditions for Consent, detailed in Article 7, establishes strict criteria for obtaining valid consent from data subjects to process their personal data. Organizations must follow these conditions to ensure that consent is freely given, specific, informed, and unambiguous. Key aspects of the Conditions for Consent include:

* **Clear and plain language:** Consent requests must be presented in an easily accessible and understandable form, using clear and plain language. Jargon, legalese, or complex phrasing should be avoided to ensure that data subjects fully comprehend the request and the implications of providing consent.
* **Distinct from other matters:** Consent should be distinguishable from other matters, such as terms and conditions or privacy policies. Bundling consent with unrelated issues can render it invalid, as data subjects must be able to freely give consent specifically for data processing activities.
* **Specific and granular:** Consent must be specific to each distinct data processing operation. Granular consent options should be provided, allowing data subjects to consent to individual processing activities rather than being forced to accept all or none.
* **Unambiguous indication:** Consent must be demonstrated through a clear affirmative action by the data subject, such as ticking a box, clicking a button, or verbally agreeing. Pre-ticked boxes, inactivity, or silence do not constitute valid consent.
* **Easy withdrawal:** Data subjects must be able to withdraw their consent as easily as they gave it, without detriment or penalty. Organizations should provide simple and accessible mechanisms for withdrawal and inform data subjects of their right to withdraw prior to obtaining consent.
* **Proof of consent:** Organizations must maintain records of the consent obtained from data subjects, including when and how consent was given, and the specific processing activities it covers. This documentation is necessary to demonstrate compliance with GDPR requirements.
* **Age restrictions:** For processing personal data of children under the age of 16, parental consent is required. Member States may lower this age limit to no less than 13 years. Organizations must implement age verification and parental consent mechanisms when targeting children.

Adhering to the Conditions for Consent ensures that organizations respect the rights and autonomy of data subjects, enabling them to make informed decisions about the processing of their personal data. Compliance with these conditions is essential to maintain transparency, trust, and accountability in data processing practices.

### Conditions Applicable to Child's Consent in Relation to Information Society Services

The GDPR principle of Conditions Applicable to Child's Consent in Relation to Information Society Services, specified in Article 8, addresses the protection of children's personal data when accessing online services. Recognizing the vulnerability of children in the digital environment, GDPR establishes specific criteria for obtaining valid consent from minors. Key aspects of this principle include:

* **Age threshold:** GDPR sets the age threshold for providing valid consent at 16 years. However, individual Member States can lower this age limit, provided it is not less than 13 years. Below this age, parental or guardian consent is required for processing a child's personal data in relation to information society services.
* **Parental consent:** When a child below the age threshold accesses online services, organizations must obtain verifiable consent from a parent or guardian. This consent should adhere to the standard Conditions for Consent, ensuring it is informed, specific, and unambiguous.
* **Age verification:** Organizations must make reasonable efforts to verify the age of data subjects. This may include requesting age-related information or implementing age-verification mechanisms to ensure that children below the age threshold do not provide consent without parental involvement.
* **Parental authorization:** When obtaining parental consent, organizations should employ appropriate methods to authenticate the identity of the parent or guardian, ensuring that the individual providing consent holds parental responsibility for the child.
* **Communication and information:** Just like with adult data subjects, organizations must provide clear and plain language explanations to children and their parents or guardians about the processing of personal data, including the purposes, potential risks, and the rights of the data subjects.
* **Easy withdrawal:** Children and their parents or guardians should be able to withdraw consent as easily as they provided it, without detriment or penalty. Organizations must ensure that mechanisms for withdrawal are accessible and user-friendly.

By adhering to the Conditions Applicable to Child's Consent in Relation to Information Society Services, organizations can safeguard the privacy rights of minors, promote responsible data processing practices, and ensure compliance with GDPR requirements concerning children's personal data.

### Processing of Special Categories of Personal Data

The GDPR principle of Processing of Special Categories of Personal Data, outlined in Article 9, deals with the handling of [sensitive personal data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data?ts=markdown) that may pose a higher risk to an individual's rights and freedoms. These special categories of data require stricter processing conditions and safeguards due to their sensitive nature. Key aspects of this principle include:

* **Special categories:** Special categories of personal data include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, and data concerning a person's sex life or sexual orientation.
* **Prohibition on processing:** GDPR generally prohibits the processing of special categories of personal data, except under specific circumstances where explicit consent is obtained, or other legal grounds apply.
* **Explicit consent:** Data subjects must provide explicit consent for the processing of their special category data, which requires a clear and affirmative action that confirms their agreement to process sensitive personal data. Consent must be informed, specific, and unambiguous, and data subjects should have the right to withdraw consent at any time.
* **Alternative legal grounds:** In the absence of explicit consent, organizations may process special category data if any of the following conditions apply:
  * Employment, social security, and social protection law requirements.
  * Vital interests protection where the data subject is incapable of providing consent.
  * Legitimate activities of non-profit organizations with a political, philosophical, religious, or trade union aim.
  * Data made public by the data subject.
  * Legal claims or judicial purposes.
  * Substantial public interest, based on EU or Member State laws.
  * Healthcare or public health management purposes, under the responsibility of medical professionals.
  * Archiving in the public interest, historical research, or statistical purposes.
* **Additional safeguards:** Organizations processing special category data must implement appropriate safeguards to protect sensitive information. This may include data minimization, pseudonymization, encryption, access controls, and strict confidentiality measures.

By adhering to the GDPR principle of Processing of Special Categories of Personal Data, organizations can ensure the protection of sensitive information, reduce risks to individual rights, and maintain compliance with GDPR requirements for handling sensitive personal data.

### Processing of Personal Data Relating to Criminal Convictions and Offenses

The GDPR principle of Processing of Personal Data Relating to Criminal Convictions and Offenses, set forth in Article 10, governs the handling of personal data concerning an individual's criminal history. Due to the potential consequences of mishandling such data, GDPR imposes strict conditions and limitations on its processing. Key aspects of this principle include:

* **Limited access to data:** The processing of personal data relating to criminal convictions and offenses should be carried out only under the control of an official authority or when specifically authorized by EU or Member State law. This limitation ensures that sensitive information about an individual's criminal background is handled responsibly and securely.
* **Appropriate legal basis:** Organizations that are permitted to process personal data concerning criminal convictions and offenses must have a valid legal basis for doing so, such as fulfilling a legal obligation, protecting the public interest, or ensuring the security of individuals and communities.
* **Comprehensive register:** When processing personal data relating to criminal convictions and offenses, organizations should maintain a comprehensive register of such data, ensuring it is accurate, up-to-date, and relevant to the purpose for which it is being processed.
* **Safeguards and data protection:** Organizations processing this type of personal data must implement appropriate technical and organizational measures to protect the data against unauthorized access, accidental or unlawful destruction, loss, alteration, or disclosure. These measures may include encryption, access controls, and strict confidentiality protocols.
* **Data minimization and storage limitation:** Organizations should only collect and store personal data relating to criminal convictions and offenses for as long as necessary to fulfill the intended purpose. Data minimization principles should be applied, and data should be deleted or anonymized when it is no longer required.
* **Transparency and individual rights:** Organizations must inform data subjects about the processing of their personal data relating to criminal convictions and offenses and respect their rights under the GDPR, such as the right to access, rectify, or erase their data, subject to any restrictions imposed by applicable laws.

By adhering to the GDPR principle of Processing of Personal Data Relating to Criminal Convictions and Offenses, organizations can ensure the responsible handling of sensitive information, mitigate risks to individual rights and freedoms, and maintain compliance with GDPR requirements for processing criminal history data.

### Processing That Doesn't Require Identification The GDPR principle of Processing Which Does Not Require Identification, highlighted in Article 11, addresses situations where organizations do not need to identify data subjects to process their personal data. This principle encourages data minimization and the adoption of privacy-enhancing techniques to reduce the risks associated with processing personal data. Key aspects of this principle include: * **No identification required:** Organizations are not obligated to maintain, obtain, or process additional information to identify a data subject if the identification is not necessary for the purpose of processing. This principle supports the use of anonymized or pseudonymized data, which can reduce privacy risks for data subjects. * **Data subject rights:** Data subjects have the right to access, rectify, erase, restrict, or object to the processing of their personal data under the GDPR. However, if an organization cannot identify a data subject, it may not be required to comply with these rights. In such cases, the data controller must demonstrate the impossibility of identifying the data subject. * **Demonstrating compliance:** Organizations must be able to prove that they have taken reasonable steps to comply with data subject rights while adhering to the principle of not requiring identification. This may include documenting the measures used to anonymize or pseudonymize data and explaining why identification is not necessary for the specific processing purpose. * **Obligation to inform:** If an organization cannot take action on a data subject's request due to their inability to identify the individual, they must inform the data subject accordingly, explaining the reasons for their inability to comply. The data subject may then provide additional information to enable their identification, if they choose to do so. 
* **Balancing rights and risks:** The principle of Processing Which Does Not Require Identification encourages organizations to balance the rights and interests of data subjects with the potential risks associated with processing identifiable personal data. By minimizing the need for identification, organizations can reduce the risk of unauthorized access, identity theft, or other privacy breaches.

By adhering to the GDPR principle of Processing Which Does Not Require Identification, organizations can promote responsible data processing practices, enhance privacy protections, and ensure compliance with the GDPR while minimizing the risks associated with processing identifiable personal data.

## GDPR Requirements

The GDPR requirements exist to protect individuals' personal data and privacy, while also emphasizing the importance of data security, particularly in cloud environments.

By requiring organizations to obtain explicit, informed consent from data subjects, the GDPR empowers individuals to control how their data is collected, used, and processed. The GDPR consent process ensures that organizations are transparent about their intentions, fostering trust between parties.

Emphasizing the importance of processing data lawfully, fairly, and transparently, the GDPR ensures that organizations have a valid legal basis for their actions. Data processing requirements tie into [data security](https://www.paloaltonetworks.com/cyberpedia/what-is-data-security?ts=markdown) by preventing unauthorized or unnecessary data processing, reducing the risk of [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown) or misuse.

Data minimization, another key GDPR requirement, ensures that organizations only collect and process the minimum data necessary for their intended purpose. By reducing the amount of data held, organizations can minimize the potential impact of a security breach in the cloud.
The GDPR also mandates that organizations maintain accurate and up-to-date personal data, which contributes to data security by ensuring that outdated or incorrect information is not retained or processed. This requirement reduces the risk of unauthorized access or data breaches in cloud environments.

Data storage limitations imposed by the GDPR ensure that personal data is not retained longer than necessary. This requirement encourages organizations to establish secure data retention and deletion policies, reducing the risk of data breaches in the cloud.

To ensure data security in the cloud, the GDPR requires organizations to implement appropriate technical and organizational measures, such as encryption, access controls, and rigorous IT security. These measures protect data from unauthorized access, accidental or unlawful destruction, loss, alteration, or disclosure. [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-dspm?ts=markdown) solutions help organizations maintain visibility into these security controls and demonstrate ongoing compliance with GDPR requirements.

The GDPR also holds organizations accountable for demonstrating compliance with its principles. This includes maintaining records of data processing activities, conducting data protection impact assessments, and appointing a data protection officer (DPO) where necessary. These GDPR requirements ensure that organizations prioritize data security in the cloud and hold themselves accountable for their actions.

Finally, the GDPR provides special protections for children's data and sensitive personal data, recognizing their vulnerability and the potential consequences of mishandling such information. By adhering to strict conditions and limitations for processing sensitive data, organizations can ensure that this information is protected, particularly in cloud environments where data breaches can have significant repercussions.
## GDPR FAQs

### What is personal data?

Personal data refers to any information related to an identified or identifiable natural person, known as a data subject. It encompasses a wide range of identifiers, such as name, identification number, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of a person. In the context of cloud security, compliance with privacy regulations like the GDPR requires organizations to safeguard the personal data of individuals.

### What is a data subject?

A data subject is an identifiable natural person whose personal data is processed by a data controller or processor. In the realm of cloud security, protecting the rights and privacy of data subjects is a top priority. This includes ensuring proper access controls, encryption, and compliance with GDPR requirements to maintain the confidentiality, integrity, and availability of the data subject's information.

### What is processing?

Processing encompasses any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction. In cloud security, implementing robust measures to protect personal data during processing is vital. These measures can include data encryption, access controls, secure data transmission, and regular security assessments to ensure compliance with GDPR and other data protection regulations.

### What is meant by restriction of processing?

Restriction of processing refers to the limitation of personal data processing activities, ensuring the data is stored but not further processed. This may be applied when a data subject contests the accuracy of their data, objects to processing, or when processing is deemed unlawful.
In cloud security, technical measures such as access controls, data segregation, and monitoring tools are utilized to enforce restriction of processing while maintaining compliance with GDPR requirements.

### What is profiling?

Profiling involves automated processing of personal data to evaluate, analyze, or predict certain aspects related to an individual, such as performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. In cloud security, organizations must ensure that profiling activities comply with GDPR requirements, including obtaining explicit consent, implementing appropriate safeguards to protect personal data, and providing data subjects the right to object to profiling.

### What is pseudonymisation?

Pseudonymisation is a data protection technique that replaces identifiable personal data with artificial identifiers or pseudonyms, making it difficult to attribute the data to a specific individual without additional information. In cloud security, pseudonymisation plays a vital role in reducing the risks associated with data breaches and maintaining GDPR compliance. It enables data processing for statistical, research, or analytical purposes while minimizing the impact on individuals' privacy.

### What is a filing system?

A filing system refers to any structured set of personal data that is accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis. In the context of cloud security, filing systems can include databases, file storage services, or content management systems. Proper organization and management of filing systems are central to GDPR compliance.

### What is a controller?

A controller is a natural or legal person, public authority, agency, or other body that determines the purposes and means of personal data processing.
In cloud security, controllers are responsible for ensuring compliance with GDPR and safeguarding data subjects' rights. This includes selecting secure cloud service providers, implementing data protection measures, and monitoring data processing activities to maintain the confidentiality, integrity, and availability of personal data.

### What is a processor?

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of a controller. In the realm of cloud security, processors, such as cloud service providers, must adhere to GDPR requirements and follow the instructions of the controller. They are responsible for implementing appropriate technical and organizational measures to protect personal data, such as encryption, access controls, and incident response plans, and must inform the controller of any breaches or risks related to data processing.

### What is a recipient?

A recipient refers to a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether a third party or not. In cloud security, recipients may include cloud service providers, business partners, or other entities that receive personal data from the data controller. Ensuring secure data transmission and establishing clear agreements with recipients are essential for GDPR compliance and safeguarding data subjects' privacy.

### What is a third party?

A third party is any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or those under the direct authority of the controller or processor authorized to process personal data. In the context of cloud security, third parties may involve subcontractors, consultants, or external service providers. To maintain GDPR compliance, controllers and processors must establish contractual agreements with third parties that define data protection responsibilities and obligations.

### What is consent?
Consent is a freely given, specific, informed, and unambiguous indication of a data subject's agreement to the processing of their personal data. Acquiring valid consent is required by the GDPR and other privacy regulations. Consent must be obtained through a clear affirmative action, such as ticking a box or clicking a button, and data subjects must be able to withdraw their consent as easily as they provided it.

### What is a personal data breach?

A personal data breach involves the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. In cloud security, preventing and managing personal data breaches is critical to maintain GDPR compliance and protect data subjects' rights. Organizations must implement robust security measures, such as encryption, access controls, and monitoring, and report breaches to the relevant supervisory authority within 72 hours of becoming aware of the incident.

### What is genetic data?

Genetic data refers to information about an individual's inherited or acquired genetic characteristics that provide unique insights into their physiology or health. Derived from the analysis of biological samples, such as blood or saliva, genetic data may include information about genes, chromosomes, or DNA sequences. Genetic data, due to its sensitive nature, is covered by GDPR requirements.

### What is biometric data?

Biometric data consists of unique physical or behavioral characteristics of an individual that can be used for identification or authentication purposes. Examples include fingerprints, facial patterns, iris or retina scans, voice recognition, and gait analysis. In the context of cloud security, protecting biometric data is essential due to its potential for misuse, identity theft, or privacy breaches.
Compliance with GDPR requirements and employing advanced security measures, such as data encryption and secure storage, are vital when handling biometric data.

### What is data concerning health?

Data concerning health encompasses information related to the physical or mental health of an individual, including the provision of health care services, diagnosis, treatment, or assessment of health conditions. Health data can reveal sensitive details about a person's well-being, medical history, or lifestyle. In cloud security, ensuring the privacy and security of health data is critical, necessitating strict adherence to GDPR requirements, [HIPAA regulations (for US-based entities)](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), and the implementation of robust security measures, such as encryption, access controls, and secure data transmission.

### What is a main establishment?

A main establishment refers to the primary location within the European Union where an organization's central administration or decision-making related to personal data processing takes place. For data controllers, this is typically the location where decisions about data processing purposes and means are made. For data processors, it is the location where their primary processing activities occur.

### What is a representative?

A representative is a natural or legal person designated by a data controller or processor, established outside the European Union, to act on their behalf concerning GDPR obligations. The representative serves as a point of contact for data subjects and supervisory authorities within the EU. In cloud security, appointing a representative is essential for organizations based outside the EU that process personal data of EU residents, ensuring compliance with GDPR requirements and facilitating communication with relevant parties.

### What is an enterprise?
An enterprise refers to a natural or legal person engaged in economic activity, irrespective of its legal form, including partnerships, associations, or bodies corporate. In the context of cloud security and GDPR, enterprises are responsible for implementing appropriate data protection measures, complying with regulatory requirements, and safeguarding personal data processed through their cloud services or infrastructure.

### What is a group of undertakings?

A group of undertakings consists of a controlling undertaking and its controlled undertakings, linked by relationships such as ownership or management, forming a cohesive economic unit. In cloud security, a group of undertakings may share cloud infrastructure, services, or data processing activities, necessitating coordinated data protection efforts, GDPR compliance, and the implementation of security measures across the group to safeguard personal data.

### What are binding corporate rules?

Binding corporate rules (BCRs) are a set of internal policies and procedures established by multinational enterprises to ensure a consistent level of data protection across their global operations. BCRs must be approved by relevant supervisory authorities and meet GDPR requirements. In cloud security, BCRs play a role in governing personal data transfers between entities within the same corporate group, ensuring that data protection standards are maintained across different jurisdictions.

### What is a supervisory authority?

A supervisory authority is an independent public body responsible for monitoring and enforcing data protection regulations, such as the GDPR, within a specific EU Member State. Each Member State has at least one supervisory authority, tasked with ensuring compliance, investigating complaints, and imposing administrative fines for non-compliance.
In the context of cloud security, organizations must engage with the appropriate supervisory authority to report personal data breaches, consult on data protection matters, and ensure adherence to GDPR requirements.

### What is a supervisory authority concerned?

A supervisory authority concerned refers to a supervisory authority with an interest in a specific data protection matter, often due to the potential impact on data subjects within its jurisdiction. In cloud security, a supervisory authority concerned may collaborate with the lead supervisory authority in cross-border processing cases, providing input, participating in joint investigations, or sharing relevant information to ensure GDPR compliance and the protection of data subjects' rights.

### What is cross-border processing?

Cross-border processing involves the processing of personal data that takes place in the context of activities of establishments in more than one EU Member State, or processing that significantly affects data subjects in multiple Member States. In cloud security, cross-border processing requires adherence to GDPR requirements across different jurisdictions, including data transfer mechanisms, cooperation with multiple supervisory authorities, and the implementation of consistent security measures to protect personal data.

### What is a relevant and reasoned objection?

A relevant and reasoned objection is an objection raised by a supervisory authority concerned in response to a draft decision by the lead supervisory authority in cross-border processing cases. The objection must clearly demonstrate the potential infringement of the GDPR or the incorrect application of data protection rules in the draft decision. In the context of cloud security, addressing relevant and reasoned objections helps ensure compliance with GDPR requirements and the harmonized application of data protection regulations across different jurisdictions.

### What is an information society service?
An information society service refers to any service provided at a distance, by electronic means, and at the request of a recipient, including online services, e-commerce platforms, and internet-based applications. In cloud security, information society services must comply with GDPR requirements to protect personal data processed through their platforms. This includes obtaining valid consent from users, implementing security measures, and ensuring the rights of data subjects are upheld.

### What is an international organization?

An international organization is a legal entity established by a treaty or other instrument governed by international law, comprising two or more countries, and possessing its own legal personality. In the context of cloud security, international organizations that process personal data of EU residents must adhere to GDPR requirements, even if their operations are based outside the EU. Compliance with GDPR involves implementing appropriate data protection measures, engaging with supervisory authorities, and ensuring the secure transfer of personal data across borders.
Copyright © 2025 Palo Alto Networks. All Rights Reserved