Zero Trust Privacy Solution
Privacy aware protection for personal data assets
Privacy1’s Zero Trust technology gives you privacy management and state of the art data security in a single solution. We allow you to apply controls to the data where it lives, shifting your defensive focus from the network edge to the valuable data assets you need to protect.
This data centric approach allows you to allow access to the sensitive personal data only for specific legal purposes, approved systems, pipelines and people and have immediate control from your privacy and legal team to suspend or revoke access.
"we apply privacy aware security to the data asset itself"
Consistent Protection
Level of protection does not change as the data moves around systems with different perimeter security stances
Purpose Control
Privacy Aware
Protection is privacy and purpose aware so you can control how the data can be used across the organisation from the legal team
Data is encrypted so only legitimate systems and users can access it for the correct purpose at rest and while in transit
How we help solve the different types of data breach
The malicious
attack
With the data elements encrypted and smart locked, even if a hacker breaches your perimeter tiers to the back office the data is unreadable
The data
leak
Because data elements are only unlocked for specific purposes systems in the processing moment. Batch data downloads by staff are impossible
Inadvertent
viewing
IT, DevOps, Marketing...
cannot mistakenly view personal data even when they have direct access to infrastructure. They can only use data aligned to their processing purpose
"bad actors rely on two things once they have "broken in"
-
Avoid application security
-
Data assets are in clear text
How we help you protect your data
Attacks are made on organisations to target the profitable asset, your sensitive data. Privacy1 locks and scrambles the data at the data level, it’s no longer stored or flowing as “clear text”.
When the data is scrambled like this, the hacker cannot read the information, and if they do try to steal data it will be unreadable.
The Privacy1 solution encases your sensitive data in 4 shells of protection. We use multiple access keys, entitlement controls and two levels of privacy aware controls: by processing purpose and by data subject consent.
These controls not only stop intentional malicious breaches, they also stop unintentional breaches and leaks like developers from mishandling personal data.
We make sure only the right teams, applications, processing, 3rd parties and data pipelines can access personal data, stopping internal, unintentional or opportunistic breaches as well.
We provide privacy for whole data lifecycle
Storage
We help you protect the whole data lifecycle from creation to deletion. As new users are created, new data is collected Privacy1 applies the encryption, pseudonymisation and entitlement policies you set.
As the data is stored, processed and shared, Privacy1 protects the data from improper uses, inadvertent and malicious access and rogue 3rd parties. When data subjects exercise their rights the data can be automatically suspended or deleted without operational overhead.
Collection
Processing
Sharing
Deletion
We give you back control of 3rd parties
When you share, store, process data with 3rd parties the safety of that data has been secured by trust in your vendors and underpinned by contracts. With the EU’s Schrems II ruling, European companies now do not have valid protections of EU citizens data when processing with US vendors.
Many companies are now faced with bringing data back out of the US cloud storage and app vendors back to vendors with the EU. For many, this is expensive, risky and threatens business continuity.
Using Privacy1’s Zero Trust platform allows you, the data controller, to apply appropriate protection at the data level for each vendor you use, giving you the ability to suspend or revoke processing at the drop of a hat and enforce your contractual clauses.
Schrems II and avoiding the business impact of repatriating your data back to the EU
As a data controller able to enforce this level of protection you can revoke access to your data for a specific 3rd party if they give you cause for concern, revoke or suspend access to data belonging to a specific data subject or set access only for specific processing purposes.
In this way you can apply the same protections on EU citizen data that you would normally have expected from the processor, enforce your standard contractural clauses and show a defensible position to any EU data regulator.
How to get started with smart data protection
Privacy Automation
Rather than just document your personal data use, we help you manage your personal data assets. We allow you to enforce your data protection policies across data flows, apps and 3rd parties automatically, we automate the DSAR process, remove manual overhead and human error, reduce costs and risks and improve efficiency and build a better trusted brand.
Data Pseudonymisation and encryption
Using Privacy1 all your personal data is pseudonymised and encrypted with multiple privacy aware security keys. This means that you can apply a zero trust strategy to your data assets rather than depend on perimeter defences. This allows you to control access to personal data to only those parties and systems that are approved and have the correct processing purpose.
Privacy integration for legacy to cloud
Regardless of whether you have modern cloud-based applications or older in-house technology our integration SDK's will enable your systems to take advantage of our privacy aware security controls without rebuilding the stack. We are also downloadable from Amazon and Google Clouds.
Customer Rights Portal
Privacy1 provides a customer portal "Privacy Manager" which helps you build trust with your customers by being transparent about the data you have, the purposes that you use it. The portal allows you to give consent control back to your users and allow them an easy way to exercise their privacy rights, allowing you to be seen as a trusted brand.