Worried about GDPR?

We at Palo Alto Networks take privacy and security very seriously. We are committed to supporting our customers as they address the requirements applicable to them.

Our GDPR readiness

We’ve launched a GDPR program to address our responsibilities as both a trusted data controller and a trusted data processor.

We have prepared a Data Processing Agreement to address how we process our customers’ data in compliance with the act. Click here for the DPA or check the FAQs for further information.

How we can help

We know that compliance is a shared responsibility. Our products can help you meet your goals on your journey to GDPR readiness (and compliance). See our GDPR whitepaper and our product privacy datasheets.

Resources & FAQs

We’ve compiled some helpful resources to help you learn more: Palo Alto Networks GDPR FAQs, EU Commission GDPR Guidance, and UK ICO Guidance.

FAQ

What is the GDPR?
The GDPR stands for the General Data Protection Regulation, which is a comprehensive EU data protection law, adopted in May 2016, updating the existing EU data protection law (the 1996 Data Protection Directive) to further strengthen the protection of personal data of individuals in the EU. It takes full effect on May 25, 2018.
To whom does the GDPR apply?
The GDPR applies to organizations that collect and process personal data of individuals in the EU for their own purposes, defined as Controllers by the regulation, as well as to organizations that process data on behalf of others, defined as Processors by the regulation. This is a shift from the preceding EU data protection law, which only applied to controllers.
Does GDPR apply to companies that are not based in the EU?
Yes. The GDPR applies to entities that collect or process personal data of individuals in the European Union, even if the entity is not established in the EU, for instance if the entity is offering goods and services targeted at EU data subjects or is monitoring their behaviour within the EU.
What are the resources available to me as a Palo Alto Networks customer?
We have launched a GDPR Readiness Program to address our responsibilities as data controller and as data processor under GDPR.
We have updated the terms of our End User License Agreement (EULA) to include provisions addressing the requirements of art. 28 of the GDPR, including right of audit, data breach reporting, sub-processors, etc., so that our customers have the appropriate terms in place when Palo Alto Networks acts as their data processor. Moreover, we are making available to our existing customers that have signed a previous version of the EULA a pre-signed Data Processing Agreement they can download here, the terms of which address the requirements of art. 28 for contracts between data controllers and data processors.
Lastly, customers that wish to conduct a data protection impact assessment of our products can find more information on how our products process personal information in our Product Privacy Data Sheets at www.paloaltonetworks.com/resources/datasheets/product-privacy-datasheets.
How is Palo Alto Networks addressing cross-border data transfers under the GDPR?
Palo Alto Networks has executed intercompany agreements based on the EU-approved standard contractual clauses to support the transfer of customer data from the EU to the US.
What if customers want to keep data within the EU?
For customers that want to store their data within the EU (or another region), Palo Alto Networks regional clouds provide, for certain products, options to address our customers’ data location preference, while providing them our world-class security and prevention through the power of our global threat intelligence and protection.
How can Palo Alto Networks help its customers in their journey to GDPR compliance?
The GDPR requires organizations to put in place measures to secure personal data. In particular, entities are expected to determine and adopt appropriate security, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Palo Alto Networks has prepared a white paper, How the Next-Generation Security Platform Contributes to GDPR Compliance, to outline how our platform can help. Also, our products and services provide configuration options so that they can be implemented in compliance with privacy principles, with customers’ policies, and with GDPR. This includes controls that allow customers to determine which data to share with Palo Alto Networks, or who can access the data, for example. For more information about the privacy impact of our products, users can review our Product Privacy Datasheets at https://www.paloaltonetworks.com/resources/datasheets/product-privacy-datasheets.
Additional questions?
For any additional questions about GDPR and Palo Alto Networks, please contact gdprinfo@paloaltonetworks.com.

How to be prepared for GDPR

Where are you now?
Assessing your current status

We have tools and partners that can help you identify where you are now, help with ‘gap analysis’ and show you where work needs to be done. By May 2018, you need to be up and working, as that’s when the legislation comes into force.

How our products can help

It is imperative that organisations understand their cybersecurity risks and invest appropriately. We have a range of tools and services to help your security become state-of-the-art, and partners that can help with broader business integration.

Additional resources

In cybersecurity, knowledge is the key to prevention. And knowledge starts here.