* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Next-Generation Firewalls](https://www.paloaltonetworks.com.au/blog/network-security/category/next-generation-firewalls/)
* SSL/TLS Decryption Can He...

# SSL/TLS Decryption Can Help with GDPR Compliance

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F10%2Fnetwork-ssl-decryption-and-gdpr%2F)  
[](https://twitter.com/share?text=SSL%2FTLS+Decryption+Can+Help+with+GDPR+Compliance&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F10%2Fnetwork-ssl-decryption-and-gdpr%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F10%2Fnetwork-ssl-decryption-and-gdpr%2F&title=SSL%2FTLS+Decryption+Can+Help+with+GDPR+Compliance&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2019/10/network-ssl-decryption-and-gdpr/&ts=markdown)  
\[\](mailto:?subject=SSL/TLS Decryption Can Help with GDPR Compliance)  
Link copied  
By [Fred Streefland](https://www.paloaltonetworks.com/blog/author/fred-streefland/?ts=markdown "Posts by Fred Streefland") and [John Harrison](https://www.paloaltonetworks.com/blog/author/john-harrison/?ts=markdown "Posts by John Harrison")  
Oct 18, 2019  
4 minutes  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)  
[encryption](https://www.paloaltonetworks.com/blog/tag/encryption/?ts=markdown)  
[GDPR](https://www.paloaltonetworks.com/blog/tag/gdpr/?ts=markdown)  
[network security](https://www.paloaltonetworks.com/blog/tag/network-security/?ts=markdown)  
[NGFW](https://www.paloaltonetworks.com/blog/tag/ngfw/?ts=markdown)  
[SSL Decryption](https://www.paloaltonetworks.com/blog/tag/ssl-decryption/?ts=markdown)

By John Harrison, Regional Product Marketing Manager, EMEA, and Fred Streefland, Regional Chief Security Officer

You might be surprised to learn that SSL decryption can be a valuable tool for protecting data in compliance with the European Union's General Data Protection Regulation (GDPR), when applied according to best practices.

Responsible organizations everywhere want to protect their networks and the personal data their users entrust to them. As technology develops and regulations shift, it takes insight to implement security measures effectively while remaining in compliance. SSL/TLS decryption, which provides visibility into security threats that can be hidden within encrypted traffic, has emerged as a key technique for protecting against modern threats. In talking with our customers, however, we've found that some organizations believe they aren't allowed to use SSL decryption because of GDPR, a comprehensive European Union data protection law that governs how entities collect or process the personal data of individuals in the EU.

On the contrary, the GDPR is a regulation, not an inhibitor. It states specifically that you are allowed to implement measures in order to secure the processing of personal data. It also goes a step further, recommending you take organizational and technical security measures to secure the processing of personal data. Because of this, it's not correct to say, "I cannot do SSL decryption because of GDPR." In fact, it's more accurate to say, "The GDPR *requires* me to do it."

**Encryption and Hidden Threats**

Encryption is increasingly used to secure not just sensitive or private information but practically all traffic traversing enterprise networks. According to a Google 2019 finding on encrypted traffic, 87% of internet users' time is spent on pages that use HTTPS, and 70% of pages are loaded on HTTPS.

The downside is that organizations are essentially left blind to any security threats contained inside encrypted traffic. Attackers exploit this lack of visibility and identification to hide within encrypted traffic and spread malware. The availability of cheap or free certificates from sites such as Let's Encrypt have made encryption far too simple for attackers to leverage with their automated malware and phishing campaigns. Even legitimate websites that use SSL can be infected with malware. Adversaries inside a network can also use encryption to hide data being exfiltrated.

If you can't see what's coming into your company, you can't protect it, especially in today's environment. More than ever, organizations need the ability to decrypt, gain visibility, classify, control and scan SSL-encrypted traffic.

**A Plan for SSL Decryption and GDPR Compliance**

To implement SSL decryption, you need buy-in within your organization. Part of that involves reassuring stakeholders that you have a plan for rolling out your implementation in a way that remains sensitive to compliance considerations. Your first step should be to set clear expectations around which data you do and don't want to decrypt. For example, you could inform your board of directors, management and legal counsel that you will not decrypt certain categories of sensitive data, such as data related to health care, banking and government.

Another option is not to start SSL decryption of everything on day one. Instead, you could designate certain high-risk categories to focus on, such as recently registered domains, recently infected websites or uncategorized websites. Other good web hygiene options include not allowing users to connect to websites with expired certificates, untrusted certificates or self-signed certificates. These last options can be done even without actually decrypting traffic but can substantially protect users. Then, be sure your technical implementation follows the expectations you set. Palo Alto Networks Next-Generation Firewall, for example, makes it easy to enable an optimal security policy while respecting confidential traffic parameters.

**Best Practices for SSL Decryption and GDPR**

To truly protect your organization today, we recommend you implement SSL decryption. Palo Alto Networks has created a set of resources, documentation and [best practice guides](https://docs.paloaltonetworks.com/best-practices/9-0/decryption-best-practices.html) to help. Running a [Best Practice Assessment](https://www.paloaltonetworks.com/services/bpa) is one way to get started and strengthen your security.

Understand what you need to [enable and deploy SSL decryption](https://start.paloaltonetworks.com/enabling-ssl-decryption.html).

*** ** * ** ***

## Related Blogs

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### PAN-OS 10.0 for the World's First ML-Powered NGFW Now Available](https://www.paloaltonetworks.com.au/blog/2020/07/network-ml-powered-ngfw/)

### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Announcing CN-Series: The Industry's First NGFW for Kubernetes](https://www.paloaltonetworks.com.au/blog/2020/06/network-cn-series/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Paradigm Shift: The World's First ML-Powered NGFW with PAN-OS 10.0](https://www.paloaltonetworks.com.au/blog/2020/06/network-pan-os-10-0/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Best Practices for Enabling SSL Decryption](https://www.paloaltonetworks.com.au/blog/2018/11/best-practices-enabling-ssl-decryption/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### SSL Decryption Series: Next-Generation Firewall Buying Criteria for Your Decryption Needs](https://www.paloaltonetworks.com.au/blog/2018/10/ssl-decryption-series-next-generation-firewall-buying-criteria-decryption-needs/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### SSL Decryption Series: Where Should You Decrypt?](https://www.paloaltonetworks.com.au/blog/2018/10/ssl-decryption-series-decrypt-2/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language