Skip navigation

Effective October 28, 2019 Duo Security will be transitioning to Cisco's Privacy Statement. View the Duo Privacy Data Sheet.

GDPR Compliance and How Duo Helps

New EU Data Privacy Law Takes Effect May 25, 2018

Download Solution Brief

What is the GDPR?

The General Data Protection Regulation (GDPR) will replace the European Union’s decades-old data privacy laws, bringing them more inline with the modern technology landscape. The landmark reform, which takes effect May 25, 2018, imposes mandatory obligations on organizations within the European Union that process personal data, as well as organizations outside of the EU that collect or process the personal data of EU residents, regardless of where those organizations are located. It governs how businesses collect, handle and protect personal information (PI) and how they report data breaches.

Simply put, the GDPR gives individuals more control over their personal data and puts strict data handling rules in place to ensure that data is protected.

What is the Impact?

Organizations must comply with the GDPR or risk facing significant financial penalties of up to €20 million or 4 percent of their global annual revenue (whichever is greater).

How Are We Preparing?

We feel the GDPR is an important and necessary step to protect individuals’ data. As a provider of secure access solutions, we must ensure our customers’ data is protected. As such, we are committed to GDPR compliance across our organization.

How Duo Helps

Data privacy, protection and confidentiality matter a lot to Duo. We welcome the EU’s adoption of the GDPR. On a global level, we believe it has positively influenced views on the importance of individuals’ data privacy rights and interests and on the need for better data security.

Trusted Users and Trusted Devices

Duo verifies your users’ identities with strong two-factor authentication before granting access to applications that may contain personal information. Duo also checks the security hygiene of your devices before granting access, giving you complete control over who and what are accessing your company's assets. This helps companies protect personal information against data breaches and also exercise greater control over access to personal information on their systems.

Granular Access Policy Enforcement

Duo also provides IT teams with visibility into which corporate-managed and unmanaged devices are accessing company applications and data. And we allow the enforcement of strong policies to ensures only trusted and authorized users and healthy devices can access critical business applications and the data they store, empowering companies to be much more scalable and flexible as they grow or their security requirements evolve

Duo goes one step further in helping businesses protect data by establishing consistent policies and workflows and demonstrating compliance during audits with automated system reporting of users and devices accessing applications.

Download our solution brief.