Data Protection for Compliance with GDPR

Our solutions help ensure compliance with GDPR using proven data protection technologies

What is GDPR?

The General Data Protection Regulation is the European Union (EU)'s data privacy and security law. GDPR went into effect on May 25, 2018. It covers all entities and organizations that target or collect data from people who live in the EU and the European Economic Area (EEA).

GDPR regulates the export of personal data outside the EU, and requires businesses to protect EU citizens' privacy and personal data when transacting within EU member states. Non-compliance can result in hefty fines; in 2019 alone, fines for major infractions totaled over 440 million Euros*.

How Does StrongKey Help With GDPR?


This is the same as tokenization—a method of replacing real data with an anonymized “token” or representation of that data which is unidentifiable.

StrongKey has been securing cardholder data and payment information for over a decade using tokenization and encryption services backed by one of the most secure technologies: public key cryptography.

StrongKey’s tokenization offering is one of the strongest methods to secure data for GDPR’s pseudonymization requirement.

Data Protection by Design

A crucial requirement of GDPR is in Article 25: “Data protection by design and by default.” This mandates that technical and organizational measures are taken to ensure that:
  • data protection principles are designed into the system
  • only necessary data is processed
  • an approved certification method is used to demonstrate compliance
Through our solutions and extensive documentation, StrongKey can help an organization comply with this mandate both by design and by default.

Unambiguous Consent

GDPR requires explicit consent from a user to allow their data to be processed and stored. To ensure the consent is legitimate, the user identity must be verifiable.

With FIDO2 strong authentication, a user is verified through public key cryptography without the use of a password, ensuring that the user is who they claim to be—making the consent legitimate and unambiguous.

StrongKey’s open source FIDO2 Server and authentication expertise can help you create not just a compliant environment, but also a more secure, convenient one.

Data Integrity Verification

GDPR mandates protection against the alteration of data ("maintenance of data integrity"). Data integrity means the data remains accurate over its life. This covers both accidental changes like human error and intentional attacks designed to alter the information.

One of the strongest ways to protect against alteration of data is to use digital signatures.

Digital signatures help maintain confidentiality, integrity, and authenticity (CIA) of data in transit. Working alongside encryption and tokenization, this maintains data integrity.