Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Streamlines GDPR Compliance with New Out-of-the-Box Security Assessment Questionnaire (SAQ) Capabilities

New templates and dashboard help customers perform continuous and cost-effective assessments to identify and address internal and external GDPR compliance posture

LONDON – InfoSecurity Europe, Stand #L100 – June 5, 2018 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced new functionality in its Security Assessment Questionnaire (SAQ) Cloud App that allows customers to better achieve visibility of data across their own network and supply chain for compliance with the European Union’s General Data Protection Regulation (GDPR). New GDPR-specific SAQ templates and a purpose-built dashboard allow customers to reduce the cost and effort of risk assessment to determine the status of their own business and procedural readiness for GDPR, as well as that of vendors in their supply chain.

Qualys will showcase this new functionality at its stand #L100 during InfoSecurity 2018.

Assessing procedural controls can be costly and time-consuming. However, these new out-of-the-box cloud-based SAQ questionnaire templates give audit teams the ability to drastically reduce the spend and labor required to assess both high-level and specific elements of GDPR readiness. Instead of having to craft questionnaires from scratch, teams can distribute the questionnaires as-is or slightly modify each as necessary, and then use questionnaire responses to generate proof of GDPR compliance with detailed reports.

“The GDPR has three dimensions: legal, procedural and technical,” according to Gartner. “In terms of implementing the GDPR data protection principles, technology is the primary enabler, providing solutions, repeatability and scalability.” [1] [2]

SAQ will also offer customers a single dashboard from which to launch GDPR campaigns, manage new GDPR templates, and manage risky third-party vendors. This new tool will simplify the execution and management of GDPR vendor risk assessments by saving time and effort. With a single pane of glass for all GDPR-related assessments, customers can launch new GDPR assessments using the SAQ templates within a matter of minutes and a few clicks. Information on the status and aging of all assessments, vendor risk data along with risk scoring will be available on this dashboard.

“GDPR is a major turning point for organizations, and has incentivized them to accelerate their digital transformation efforts as well as build stronger businesses that can thrive and build trust with customers into the next decade,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Our latest SAQ capabilities aim to streamline many of the mundane tasks for GDPR compliance and help customers document the security posture of both third-party vendors as well as their own, ultimately strengthening their cybersecurity practices and safeguarding customers’ data across on-premises, endpoints, mobile and cloud environments.”

Each of the seven new questionnaire templates spells out GDPR requirements in granular detail and helps teams assess their business readiness for GDPR compliance:

  • GDPR Business Readiness Self-Assessment: Designed to identify key areas where operational changes will be required, and to assist the organization in prioritizing efforts for GDPR compliance.
  • GDPR Data Inventory and Mapping: Helps in assessing the process to identify, locate, classify and map the flow of GDPR-protected data.
  • GDPR Accountability and Responsibility Assessment: Helps in assessing the process of accountability and responsibility in terms of data governance as per GDPR requirements.
  • GDPR Data Privacy Assessment in Operations: Focuses on assessing appropriate technical and organizational measures to protect EU residents’ personal data from loss or unauthorized access or disclosure.
  • GDPR Third-Party Vendor Assessment: Helps to identify and assess the requirements of third-party vendors with which you share personal data of EU residents.
  • GDPR Data Incident and Breach Notification Assessment: Helps in the assessment of GDPR’s data breach notification and communication requirements.
  • GDPR Data Protection and Privacy Impact Assessment: Helps organizations in the assessment of the privacy risks and data protection safeguards of new projects.

SAQ GDPR-specific templates are available to customers today. The SAQ GDPR-specific dashboard will be available to customers in August.

Additional Resources:

  1. Gartner, A Technical Solution Landscape to Support Selected GDPR Requirements, Joerg Fritsch, Mike Wonham, February 13, 2018.
  2. NOTE: This document, while intended to inform Gartner clients about the current data privacy and security challenges experienced by IT companies in the global marketplace, is in no way intended to provide legal advice or to endorse a specific course of action.

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 10,300 customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The Company is also a founding member of the Cloud Security Alliance. For more information, please visit

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.


Media Contact:
Tami Casey