Compliance

GDPR

The General Data Protection Regulation, or GDPR, is the primary law regulating how companies protect the personal data of EU citizens. This regulation mandates the standards for how companies provide reasonable data protection measures and handle the data in order to better safeguard its processing, storage, and transfer in order to protect the personal data of consumers against privacy loss or exposure which may include, for example, data breaches.

Companies can reduce the probability of a data breach, and thus reduce the risk of fines in the future, if they choose to use encryption of personal data. When using Tozny’s TozStore encryption platform, the loss of encrypted data does not necessarily constitute a data breach.  Additionally, when using TozStore your encrypted data is not stored within your database, it is stored offsite with Tozny in our state of the art infrastructure.

GDPR also states that should there be a data breach, Supervising Authorities must positively consider the use of encryption in their decision on whether or not to impose fines.  The use of TozStore covers you in the case of data breach to your infrastructure.  Should Tozny itself ever be compromised, your encryption keys are not housed within our infrastructure and thus the data can not be decrypted.

CCPA

The California Consumer Privacy Act (CCPA) creates a set of obligations for businesses and rights for consumers in regard to safeguarding Californian’s personal information.  The legislation provides penalties when companies expose unencrypted personal information to theft or misuse.  Tozny’s platform provides an easy to use encryption service that exceeds all requirements for protecting users data.  Additionally, TozStore enables fine grained access control to revoke access to components of your data on the fly.  This makes TozStore the fastest and most secure way to meet your compliance obligations.