The General Data Protection Regulation

A landmark data protection law in the European Union (EU) called the General Data Protection Regulation (GDPR) goes into effect on May 25, 2018.  The GDPR unifies data protection rules across the EU and creates new obligations on the protection and handling of personal data, including security requirements and stronger rights for individuals with regard to their personal data.

Security is Fortinet’s business. We are committed to complying with the GDPR and supporting our partners and customers in their efforts to comply with the GDPR.  GDPR Article 32 requires companies to take into account the “state of the art” when planning their security. 

Fortinet is known as a leading security innovator, with exceptional security solutions, and Fortinet’s industry-leading security solutions define the state of the art.

For example, many Fortinet services use automated technology to recognize and defend against cybersecurity threats, such as by blocking or quarantining suspected malicious data.  As the industry leader in layered defense, our Security Fabric provides a multifaceted approach to modern-day security.

To better protect our end-customers and assist them with their own security compliance, some Fortinet solutions leverage external threat information gathered in some situations from certain of our end-customers, in order to improve security for a broader set of our end-customers.  For example, if certain Fortinet services determine that a hacker is attacking some of our customers, we may use information about that threat in order to help protect other customers from similar attacks.  This provides our customers with better protection than would be possible if Fortinet could not learn from experience.  

Our own GDPR compliance approach includes the following:

  • Data Security: We have put in place physical, electronic, and managerial procedures and controls to safeguard data and help prevent unauthorized access, to maintain data security, and to correctly use the data we collect. Our data protection efforts utilize our own industry-leading products and services.
  • Data Awareness:  We maintain records of our data processing activities, which form the foundation for our data protection compliance.
  • Data Subject Rights: We have established data subject rights procedures designed to ensure that we provide reasonable and appropriate support for our customers’ responses to individuals’ requests to exercise their rights under the GDPR.
  • Controller and Processor Obligations:  For certain Fortinet services, Fortinet acts as a “processor” of our customers’ personal data.  In other instances, Fortinet acts as a “controller.” For additional information regarding how Fortinet handles customers’ personal data, please see our privacy policy at https://www.fortinet.com/corporate/about-us/privacy.html.
  • Transparency:  Our updated Privacy Policy, which will go into effect on May 25, helps ensure compliance with GDPR notice requirements and helps enhance our transparency to our customers and their users.
  • Vendor Management: We understand the importance of scrutinizing vendors who help us serve our partners and customers.  We assess vendors before we engage them, and we ensure certain vendors agree to certain GDPR-related contractual terms before they can process our partners’ and customers’ information.
  • Channel Partner Data: The data that we collect from our channel partners are used for legitimate business purposes only.
  • Data Transfers: We comply with legal requirements for cross-border data protection, including through the use of European Commission-approved Standard Contractual Clauses. 

If you have any questions regarding our GDPR efforts, please reach out to us at privacy@fortinet.com.