Data Protection for Compliance with GDPR

Our solutions help ensure compliance with GDPR using proven data protection technologies


CCPA at a glance: maximum fine per consumer, per incident; enforcement date for CCPA compliance, July 1, 2020; potential cost of failure to comply after receiving a citation.

What is GDPR?

GDPR stands for General Data Protection Regulation, and it is the European Union's data privacy and security law. GDPR went into effect on May 25, 2018 and it affects all entities and organizations that target or collect data from people who live in the European Union (EU) and the European Economic Area (EEA).

GDPR regulates the export of personal data outside the EU, and requires businesses to protect EU citizens' privacy and personal data when the transaction occurs within EU member states. Non-compliance can result in hefty fines, and in 2019 alone, fines for major infractions totaled over 440 million Euros*.

CCPA applies to all for-profit businesses that do business in California, collect and control the personal information of California residents, and derive 50% or more of their annual revenue from selling California residents' personal information OR have annual gross revenues of more than $25M OR receive or disclose the personal information of more than 50,000 California residents, households or devices each year.

Yes, if you do business in California or have customers in California, and you meet the criteria above. The scope of CCPA is tied to where the consumers reside, as it was enacted to protect the rights of California residents.

Under the CCPA, "Personal Information" is defined as "information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household."

Types of information considered to be personal information include, but aren't limited to, real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver's license number, passport number, records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, biometric information, Internet or other electronic network activity information, geolocation data, and professional or employment-related information.

Any information that's publicly available is not considered personal information under CCPA. Aggregated data and deidentified data are also not considered personal information.
GDPR at a glance: maximum fine of 4% of revenue; 250 cases of fines being levied for failure to comply; the average spent by Fortune 500 companies on compliance efforts.

How Does StrongKey Help With GDPR?

We've provided PCI DSS compliance solutions to hundreds of companies since our company's inception.

Pseudonymization, a difficult-to-pronounce word, is a synonym for a widely used technology in the payment processing industry: tokenization, a method of replacing real data with an encrypted "token" or representation of that data so that it is unidentifiable.

StrongKey has been securing cardholder data and payment information for over a decade using tokenization and encryption services backed by one of the most secure technologies: public key cryptography.

StrongKey's tokenization offering is one of the strongest means to meet GDPR's pseudonymization requirement.
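To make the pseudonymization idea concrete, here is a minimal token vault written as an added example. It is not StrongKey's product code and assumes nothing about their architecture: the real value is encrypted under a vault key with AES-GCM and stored only inside the vault, while the rest of the system works with a random surrogate token that reveals nothing about the original. The card number used as input is a constructed test-range value, and the `Vault`, `Tokenize` and `Detokenize` names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// Vault is a minimal token vault: the real value lives only here, encrypted
// under the vault key, and callers receive a random surrogate token instead.
type Vault struct {
	aead  cipher.AEAD
	mu    sync.Mutex
	store map[string][]byte // token -> nonce || ciphertext
}

// NewVault wraps a 16-, 24- or 32-byte AES key in AES-GCM.
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, store: make(map[string][]byte)}, nil
}

// Tokenize encrypts value, files it under a fresh random token and returns the token.
// The token carries no information about the value, which is what makes it a
// pseudonym rather than a disguised copy of the data.
func (v *Vault) Tokenize(value string) (string, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := "tok_" + hex.EncodeToString(raw)
	// The token is bound to its ciphertext as GCM additional data, so a record
	// moved under a different token in the store fails authentication on Detokenize.
	ct := v.aead.Seal(nil, nonce, []byte(value), []byte(token))
	v.mu.Lock()
	v.store[token] = append(nonce, ct...)
	v.mu.Unlock()
	return token, nil
}

// Detokenize reverses Tokenize; only a holder of the vault key can do this.
func (v *Vault) Detokenize(token string) (string, error) {
	v.mu.Lock()
	rec, ok := v.store[token]
	v.mu.Unlock()
	if !ok {
		return "", errors.New("unknown token")
	}
	ns := v.aead.NonceSize()
	if len(rec) < ns {
		return "", errors.New("corrupt vault record")
	}
	pt, err := v.aead.Open(nil, rec[:ns], rec[ns:], []byte(token))
	if err != nil {
		return "", errors.New("vault record failed authentication")
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // in production this key lives in an HSM or KMS
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	v, err := NewVault(key)
	if err != nil {
		panic(err)
	}
	// Constructed sample: a test-range card number, not real cardholder data.
	token, err := v.Tokenize("4111111111111111")
	if err != nil {
		panic(err)
	}
	fmt.Println("stored in order/analytics records:", token)
	pan, err := v.Detokenize(token)
	fmt.Println("detokenized by the vault:", pan, err)
	_, err = v.Detokenize("tok_00000000000000000000000000000000")
	fmt.Println("unknown token:", err)
}
```

The design point is where the key lives: every system that stores the token but not the key holds pseudonymized data, and the vault is the single place that has to be protected and audited for re-identification.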

Data Protection by Design

One of the most compelling tenets and memorable lines of GDPR is in Article 25: “Data protection by design and by default.” This expressly mandates that technical and organizational measures be taken to ensure that:

(1) data protection principles are designed into the system;
(2) only necessary data is processed for each purpose; and
(3) an approved certification method is used to demonstrate compliance.

Through our product architecture and accessible documentation, StrongKey can help an organization comply with this mandate both by design and by default.

Unambiguous Consent

GDPR requires explicit consent from a user to allow their data to be processed and stored. However, to be sure the consent is legitimate, the user identity must be verifiable.

Using FIDO2 strong authentication, a user is verified through public key cryptography without the use of a password, ensuring that the user is, in fact, who they say they are—making the consent legitimate and unambiguous.

StrongKey's open source FIDO2 Server and our authentication expertise can help you create not just a compliant environment, but also a more convenient, password-free one.

Data Integrity Verification

GDPR mandates protection against the alteration of data (maintaining data integrity). Data integrity means the accuracy of the data remains over its life. This protects against accidental changes like human error or intentional attacks designed to alter the data.

One of the best ways to protect against alteration of data is to ensure its validity through digital signatures.

StrongKey easily integrates digital signature capability into our customers' transactions, applications, and documents. Working in concert with our encryption and tokenization, this is an extremely strong way to meet GDPR mandates for data integrity.
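The two preceding sections, verifying the user behind a consent with public key authentication and protecting stored data against alteration with digital signatures, share one mechanism, so the added example below covers both. It is not StrongKey's FIDO2 Server code. It assumes Ed25519 keys and a deliberately simplified assertion message with the shape of a WebAuthn assertion (rpIdHash || clientDataHash); real FIDO2 additionally carries CBOR-encoded authenticator data, a signature counter and attestation, none of which is modelled here. The relying party `example.com`, the user `alice` and the consent record contents are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// RelyingParty is the server: registered user keys, challenges issued but not
// yet returned, and the server's own key for signing records it stores.
type RelyingParty struct {
	rpID       string
	users      map[string]ed25519.PublicKey
	challenges map[string]bool
	recordKey  ed25519.PrivateKey
}

func NewRelyingParty(rpID string) (*RelyingParty, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &RelyingParty{rpID: rpID, users: map[string]ed25519.PublicKey{},
		challenges: map[string]bool{}, recordKey: priv}, nil
}

// Register stores the public key the user's authenticator produced at enrolment.
func (rp *RelyingParty) Register(user string, pub ed25519.PublicKey) { rp.users[user] = pub }

// NewChallenge issues 32 random bytes that must come back signed, exactly once.
func (rp *RelyingParty) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.challenges[string(c)] = true
	return c, nil
}

// assertionMessage mirrors a WebAuthn assertion, rpIdHash || clientDataHash, so a
// signature made for one relying party is useless at another (simplified here).
func assertionMessage(rpID string, challenge []byte) []byte {
	rh, ch := sha256.Sum256([]byte(rpID)), sha256.Sum256(challenge)
	return append(rh[:], ch[:]...)
}

// SignAssertion is the authenticator side; only the signature leaves the device.
func SignAssertion(priv ed25519.PrivateKey, rpID string, challenge []byte) []byte {
	return ed25519.Sign(priv, assertionMessage(rpID, challenge))
}

// VerifyAssertion accepts only a registered user, a challenge this server issued
// and has not seen before, and a signature over this server's own rpID.
func (rp *RelyingParty) VerifyAssertion(user string, challenge, sig []byte) error {
	pub, ok := rp.users[user]
	if !ok {
		return errors.New("unknown user")
	}
	if !rp.challenges[string(challenge)] {
		return errors.New("challenge not issued or already used")
	}
	delete(rp.challenges, string(challenge)) // single use, even when verification fails
	if !ed25519.Verify(pub, assertionMessage(rp.rpID, challenge), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// ConsentRecord is stored as JSON plus the server's signature over those exact bytes.
type ConsentRecord struct {
	User      string `json:"user"`
	Purpose   string `json:"purpose"`
	GrantedAt string `json:"granted_at"`
}

func (rp *RelyingParty) SealRecord(r ConsentRecord) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(r); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(rp.recordKey, payload), nil
}

// OpenRecord refuses any record whose bytes no longer match the signature.
func (rp *RelyingParty) OpenRecord(payload, sig []byte) (ConsentRecord, error) {
	var r ConsentRecord
	if !ed25519.Verify(rp.recordKey.Public().(ed25519.PublicKey), payload, sig) {
		return r, errors.New("record altered: signature does not verify")
	}
	return r, json.Unmarshal(payload, &r)
}

func main() {
	rp, _ := NewRelyingParty("example.com")          // constructed relying party
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed user authenticator key
	rp.Register("alice", pub)
	ch, _ := rp.NewChallenge()
	fmt.Println("assertion error:", rp.VerifyAssertion("alice", ch, SignAssertion(priv, "example.com", ch)))
	payload, sig, _ := rp.SealRecord(ConsentRecord{User: "alice", Purpose: "newsletter", GrantedAt: "2024-01-01T00:00:00Z"})
	fmt.Println(rp.OpenRecord(payload, sig))
	fmt.Println(rp.OpenRecord(bytes.Replace(payload, []byte("newsletter"), []byte("profiling"), 1), sig))
}
```

Two checks carry the weight here: the challenge is deleted before the signature is checked, so a captured assertion cannot be replayed, and the stored consent record is rejected the moment a single byte of its payload changes, which is the property the data integrity mandate asks for.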
