GDPR Security and Compliance

Protect Your Data and Simplify Regulatory Requirements

arrowDownload Solution Brief
parallax img

Regulations Change. Stay Prepared.

Staying compliant shouldn’t interfere with business agility. Yet data collection now seems easy compared to what’s required next: Governance. Storage. Retention. Privacy. Rights. Notifications. With more stringent regulation comes greater need for a secure, efficient, and cost-effective secondary data solution.

The new General Data Protection Requirement (GDPR), in effect May 25, 2018, applies to any company controlling or processing personally identifiable information (PII) of European Union (EU) residents, regardless of the location of the company. A subset of those requirements relates directly to data protection and data management, driving new use cases for the storage of PII data. Whether or not current regulations—GDPR, HIPAA, PCI, etc.—apply to your business immediately or not, now is the time to assess how your company will not only backup and store required information, but rapidly find it, access it, and delete it without blowing your budget.

Web-Scale Secondary Data Protection

Cohesity simplifies security and compliance by converging secondary data onto a hyperconverged, web-scale platform. The software-defined, scale-out solution’s single user interface and policy-based automation reduce IT burdens around how to best protect, minimize, locate, search, and monitor secondary data. The flexibility of Cohesity’s platform is designed to give you confidence that what you have today will help you meet ever-changing requirements in the future.

Gain Speed, Agility, and Reliability

Integrate data protection into all data collection and protection activities. Reduce the overall amount of and place controls over stored PII. Build a data map to provide transparency into the storage of PII. Enable search within PII, then add requests. Monitor breach activity and quickly trigger reporting procedures to ensure compliance.

Aggregate Data for Faster Processing

Cohesity doesn’t make you copy data across silos nor protect and manage multiple legacy products simultaneously, reducing the threat of non-compliance.

Protect PII Across Workloads

Cohesity consolidates all secondary data—from virtual machines and physical servers to Microsoft SQL Server, Oracle databases, NAS devices and Pure Storage—with unparalleled operational efficiency, at scale.

Automate for Consistency

To comply with data minimization requirements, Cohesity lets backup administrators specify data retention periods through automated policies. Data can be automatically retained and deleted or expired based on policies.

circular icon with light bulb
circular icon with light bulb
Gartner Logo

Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.

Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation, May 2017

Learn more


Protect data by design. Demonstrate transparency. Unify operations, saving time with one platform simplifying data protection, encryption, data retention, search, and analytics to streamline GDPR and other industry and government compliance requirements.

Safeguard Data by Default

Meet all of the requirements of a robust data protection strategy by speeding backup that provides local data protection from accidentally deleted files, application crashes, data corruption, and viruses; enabling fast recovery of individual files and applications; retaining data to satisfy compliance and regulatory requirements; and providing off-site data protection and reliable disaster recovery with Cohesity DataProtect, fully converged with Cohesity DataPlatform.

Secure Data Against Unauthorized Access

Encrypt data at-rest through software. Under GDPR rules, encrypting data and storing the keys in a separate location is considered equivalent to pseudonymization of personal data. Cohesity provides full support for pseudonymization using encryption architecture, based on strong AES-256 Cipher Block Chaining standard with a FIPS-Certified mode, providing high end-to-end security while allowing optimal use of available resources.

Granular Control with Flexibility

Set Role-Based Access Control (RBAC) permission by type of user and permissions based on data source to help ensure only authorized users have access to specific data. 
The Cohesity platform also includes strong Active Directory integration for increased protection.

Protect Against Data Loss and Breaches

Leverage file or view level WORM (write once, read many) for immutable locking and secure data retention capabilities to mitigate data loss and ransomware.


Subscribe to the more is less philosophy. Reduce the amount of personal data your enterprise stores. Cohesity can help you minimize and automate to meet evolving data retention requirements.

Centralized Management

Become more-agile using the Cohesity architecture. It inherently minimizes data copies, reduces attack footprint, and tracks copies through centralized data management.

Automated Policies

Establish granular control. Automate retention policies in Cohesity that enable you to keep PII only for intended periods of time.

On-Demand Relocation

Effectively relocate files on demand to minimize the spread of PII data across your environment.


Rely on Cohesity’s policy-based automated archiving, tiering, and replication to cloud to ensure your enterprise has a 360-degree view of where it stores PII, why, how it got there, where it goes, and who has access to it. GDPR restricts the list of locations and providers to which personal data may be sent, so you need a solution that helps you manage data everywhere, even the cloud.


Use Cohesity to schedule updates to data maps that delineate the following:

  • Location and Movement Tracking (source and destination) of PII
  • Categories of PII stored
  • File containing PII
  • Retention policies of PII
  • Access rights to PII

Leverage Cohesity reports to complete Data Protection Impact Assessments (DPIAs), as needed per GDPR requirements.


Cohesity supports integration with all leading public clouds, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, for easy and rapid scaling without a bolt-on cloud gateway. Learn more about Cohesity Cloud Integration.


Ensure you know, so you can show. Cohesity search and analytics provide insights to help you quickly discover, easily report on, and if necessary, delete, PII you have stored in your secondary data.

Google-Like Capabilities

Search within unstructured data for multiple categories of PII. Input PII patterns and their variations, and file types (txt, doc, pdf, xls, zip, jpeg) to scan using templates.


Report search results in txt file format or integrate with third-party data visualization or analytics tools.

cohesity advantage
Build Your Own Custom Analytics Apps

Inject custom code to run data processing jobs on stored data using Cohesity Analytics Workbench.


Mitigating threats is priority one. Yet when intrusion does occur, Cohesity reporting of that breach can help you more efficiently validate compliance.

White Lists

Prevent portability of PII using White Lists.


Receive notifications or warnings when data is tiered, archived, or replicated to a non-Cohesity target. Receive the notification when data leaves EU while still on Cohesity.


Export cluster- and system-level audit logs for additional analytics and breach detection with Cohesity.


We found a clear benefit to the simple scale-out design of Cohesity. It was an obvious advantage that the Cohesity architecture was based on hyperconverged nodes of both compute and storage.

Marteinn Sigurdsson, Infrastructure Architect, Thekking

View More

Modernize Your Approach to Security and Compliance

Green Pattern