Enterprise Data Protection

Reliable enterprise data protection is a must-have for organizations today. Solid data-centric security helps minimizing risk, ensuring compliance and securing your growth.

Data protection across the enterprise without compromise.

Payments Transformation

Today’s payment ecosystem is being disrupted by evolving technologies, new payment methods, and regulations. Therefore, banks need to focus on an innovative business strategy to turn these disruptions into opportunities.

Planning and executing new digital business models is complex and usually can’t be supported by existing systems as recent innovations and requirements have gone beyond their original scope.

Discover how comforte can help your organization to differentiate and grow in the payments market.


HPE Nonstop Solutions

comforte was founded in 1998 by the developers of MR-Win6530, an acknowledged terminal emulation package notably for NonStop systems.

Our team has more than 20 years of experience developing solutions specifically for the HPE NonStop servers (and for Tandem servers before that). comforte has grown to serve the NonStop community with a wide range of products for secure connectivity, digital enablement (often referred to as modernization), and data protection and security.

Company Insights Resources Contact Us Service & Support


Address regulatory compliance requirements with data protection

GDPR is here. How are you ensuring compliance?

Since 25 May 2018, GDPR is in effect. Every company that processes personal data of European residents is impacted – no matter where the company is based.

Is your organization ready?

Noncompliance and mismanagement of data breaches can result in steep fines, either 4% of global annual revenue or 20 million EUR, whichever is higher.

According to Gartner, “On 25 May 2018, less than 50% of all organizations impacted will fully comply with the GDPR.” Furthermore, “before 2020, we will have already seen a multimillion Euro regulatory sanction for GDPR noncompliance.” Gartner, Inc., research note GDPR Clarity: 19 Frequently Asked Questions Answered, Bart Willemsen, August 29, 2017*

*NOTE: This document, while intended to inform Gartner clients about the current data privacy and security challenges experienced by IT companies in the global marketplace, is in no way intended to provide legal advice or to endorse a specific course of action.


Address These Key GDPR Requirements:

Processing of personal data (articles 5 & 6)

Processing of personal data (articles 5 & 6)

Organizations have to ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing.

Organizations have to ensure the existence of appropriate safeguards, which may include encryption or pseudonymisation (tokenization).

Data protection by design and by default (article 25)

Data protection by design and by default (article 25)

Companies are required to implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles.

Security of processing (article 32)

Security of processing (article 32)

Companies are required to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including pseudonymisation and encryption of personal data.

Communication of a personal data breach to the data subject (article 34)

Communication of a personal data breach to the data subject (article 34)

If a breach results in the exposure of unprotected data, organizations will have to communicate the data breach. However, if the data was protected with appropriate measures, like tokenization or encryption, a data breach notification will not be required.

Wondering Where to Start With GDPR?

Learn how to leverage PCI Compliance as a Foundation for GDPR

Whether your organization is already PCI compliant or moving in that direction, the technologies and processes required for PCI compliance can be used as a framework for GDPR compliance.


Download whitepaper

Payment Card Industry Data Security Standard (PCI DSS) Compliance

Any organization involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Compliance must be validated periodically. Failure to comply can result in fines or the termination of the ability to process card payments.

comforte data protection addresses one of the most important PCI requirements:

“Render PAN (Primary Account Number) data unreadable anywhere it is stored.”

(PCI DSS requirement 3.4)
comforte enables one of the world’s largest electronic payments networks to protect sensitive data and to achieve compliance with PCI DSS

comforte enables one of the world’s largest electronic payments networks to protect sensitive data and to achieve compliance with PCI DSS


Learn more

Reduce Your Scope

comforte’s vaultless tokenization completely replaces PAN data in your environment and stores tokens in your database instead.

As you no longer store PAN data on your systems, you reduce your PCI scope and corresponding compliance cost.

What is Good for You is Good for Your Customers & Partners

Extend PCI scope reduction with data protection that goes beyond corporate boundaries:

By exchanging tokenized data instead of PANs, organizations can help their partners and customers to reduce PCI scope.

comforte enables Canada’s largest bank to achieve PCI DSS compliance 

The bank now also delivers value beyond corporate boundaries and offers additional value to its customers by helping them to reduce PCI scope.

Download case study

Achieve compliance without interrupting your business

Implement data protection with no impact to your applications and without disrupting your business

Differentiate with PCI scope reduction

Think beyond corporate boundaries and reduce PCI scope for your customers and partners

Address GDPR with data-centric security

Ensure your company’s readiness and meet critical GDPR requirements

Henning Horst

Global Director R&D

phone: + 49 611 93199 00


Disclaimer: This website does not provide legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand how your organization can leverage data security to address some important legal points. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you need advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this this website as legal advice, nor as a recommendation of any particular legal understanding.