Get your data protection right with the help of cyber security solutions


What should organizations do to comply with the GDPR

Our eBook describes the basic principles and concepts of the GDPR.

  • Key factors needed for proper GDPR preparation
  • Responsibilities that different organizational functions have in the compliance project
  • Role of effective cyber security in maintaining continuous GDPR compliance

The EU General Data Protection Regulation – in short, the GDPR – marks the biggest change in EU data privacy laws in more than 20 years, and it will have a transformative effect on the way companies manage and secure personal data.

The GDPR sets forth a complex regime of measures an organization must take to protect personal data, including the appointment of a data protection officer and the maintenance of detailed documentation to prove compliance. But the GDPR does not articulate a precise prescription for the technology that must be used to secure data.

Instead, GDPR takes a risk-based approach to requiring particular technical measures. Higher risk mandates more expense and effort to secure data. The overriding issue is whether data is at risk and which practices and technologies will effectively reduce those risks.

Related solutions

Key requirements for technical measures are set forth in GDPR Articles 5, 32, 33 and 34.
Here's a short summary of how F-Secure products help you protect the personal data you are collecting.

GDPR Article 5

Ensure security of personal data

Requires you to process personal data so that it stays protected against accidental loss, destruction or damage. Threats like malware and ransomware could cause loss or destruction of data. Increased use of mobile devices and weak passwords also have an impact on confidentiality and data loss.


F-Secure Elements Endpoint Protection

Protects Windows and Mac computers, iOS and Android smartphones, and a variety of server platforms. The most comprehensive endpoint security package comes with fully integrated patch management.

GDPR Article 32

Have a process for regular assessments

Obliges you to perform evaluations of the security measures of data processing. Ensuring a regular process for assessing and fixing known vulnerabilities can be considered one of the basic functions in cyber security.


F-Secure Elements Vulnerability Management

Turnkey vulnerability scanning and management platform. It allows you to identify and manage both internal and external threats, report risks, and comply with current and future regulations (such as PCI and GDPR).

GDPR Articles 33 and 34

Notify within 72 hours of discovering a breach

Require companies to notify authorities and data subjects within 72 hours of identifying a breach. To be able to notify about the breach, one must be able to detect it as early as possible. The level of information that needs to be included in the notification is considerable. Failure to comply may result in considerable administrative fines.


Endpoint detection and response (EDR) solution monitoring your IT environment status and security, with automation and response guidance whenever under attack.

Related resources

How to achieve compliance with the GDPR

F-Secure's Principal Security Consultant Antti Vähä-Sipilä discusses the measures companies need to undertake to achieve long-term GDPR compliance.

Beyond the GDPR

In our webinar, F-Secure CISO Erka Koivunen, Risk Management Consultant Laura Noukka and Principal Security Consultant Antti Vähä-Sipilä discuss what the GDPR proposes, and how it will impact organizations.

Detection and response solutions are part of an activity that has received funding from the European Institute of Innovation and Technology (EIT). This body of the European Union receives support from the European Union's Horizon 2020 research and innovation programme.