top of page


With 25th May just around the corner, the countdown to GDPR is getting shorter by the day. Standardizing all aspects of personal data collection, its privacy and use, if you work in the EU or do business with a member state, GDPR applies to you. GDPR enforces organizations to be accountable for all personal information on their networks. They must know:

  • What personal data they have  

  • Who is using it

  • Where it is saved

  • How it is secured

  • How it is transferred internally, within the EU or abroad

  • Its relevancy

  • How to delete it

Who is who

  • Data Subject, person to whom the personal data belongs.

  • Data Controller, person / organization legally accountable for everything related to personal data and its processing.

  • Data Processor, person who handles personal data.

  • Data Protection Officer, person monitoring compliance with GDPR regulations and the point of contact to its Supervisory Authority.

  • Supervisory Authority (SA), member state’s representative responsible for all aspects related to GDPR legistlation in their state.  

GDPR basics

Right to be forgotten and erasure

Personal data can be removed, erased or restricted if it is inaccurate, no longer required or pending verification.

Right to data portability

As owners of their personal data, data subjects can permit more than one organization to collect and process it. Data protection by design and by default

Data controllers are required to create a protective environment for the collection, handling and storage of personal data. This includes defining access permissions, passwords and data encryption.

Notifying the SA

Data Controllers must update the SA on all data breaches that are likely to risk the rights and freedom of individuals within 72 following the discovery of the breach.

Communicating a personal data breach to data subjects
Data controllers must immediately report all breaches of unencrypted personal data to its owners. A full description of the incident and how it is handled must appear in the report.   

What happens if you fail to comply

Fines for not organizing personal data can reach 2% of an organization’s annual turnover, while failing to report data leakage may stretch to a colossal €20M or 4% of last year's total annual global turnover. If unprotected unencrypted personal data does leak, data subjects are eligible for compensation.


Safend are providers of security products designed to protect against corporate data loss via comprehensive data encryption, port control, device control and content inspection solutions.

With over 3,000 customers worldwide and 3 million licenses sold, Safend software is deployed by multi-national enterprises, government agencies, healthcare organizations and small to mid-sized companies across the globe.

Herzliya, Israel |

bottom of page