GDPR: Encryption Is the Key to Compliance - 3 Reasons Why4 Dec 2017 | Michael Waksman
The final countdown to GDPR has begun! On May 25th, 2018 – now only a few months away – the European General Data Protection Regulation (GDPR) will be enforced, and fines will start rolling out for those companies that are not yet compliant.
And it’s not just European companies that must comply with the new regulation.
If you handle personal data of Europeans, whether you’re a retail chain in Florida or a manufacturing plant in China, then GDPR applies to you.
But there’s some good news. There’s an easy and cost-effective way to take action against the threat of devastatingly expensive fines for GDPR: encryption. If you’re not already protecting your data, here are the top three reasons why you should start right away.
GDPR Encryption - 3 Reasons Why
#1 You can't afford not to
Companies choosing to forego compliance, for whatever reason, can be fined up to 4% of their global annual turnover (or up to €20 000 000 EUR) depending on the offense.
Here is a more detailed summary.
For offenses related to:
- Child consent
- Transparency of information and communication
- Data processing, security, storage, breach, breach notification
- Transfers related to appropriate safeguards and binding corporate rules
Fine = €10 000 000 EUR or 2% Global Turnover
For offenses related to:
- Data processing
- Data subject rights
- Non-compliance with DPR order
- Transfer of data to third party
Fine = €20 000 000 EUR or 4% of Global Turnover
So, unless you have €20 000 000 EUR to spare, GDPR could be destructive to you and your business.
#2 What can go wrong, will go wrong
Famous for a reason, this proverb seems to apply particularly well to technology. But don’t take my word for it. As the Experian whitepaper on data breaches states, "almost half of all organizations have suffered at least one security incident in the last 12 months."1
Fail to take basic precautions at your own risk – and you will likely become another statistic in this growing number.
#3 It’s the law
Under GDPR, if your company suffers a breach, then the controller (or appointed person) must make the breach known to the appropriate authority within 72 hours. Failing to properly notify a breach to the supervisory authority can result in a significant fine, as summarized above.
The overall goal of GDPR is to protect fundamental rights in relation to processing and to facilitate the free flow of personal data within the EU. The regulation, adopted by the European Commission in 2016, is now recognized as law across the EU. Member States have two years to ensure that it is fully implementable in their countries by May 2018.
But don’t panic! You can easily get through this in a way that also benefits your organization and your customers.
And Now, the Good News
GDPR also lists out some exceptions. So, does GDPR require encryption?
According to Article 34, no notification is required if prior to the breach taking place, the data were rendered unintelligible, for example by means of encryption.
GDPR experts around the world agree that encryption is a key technology for organizations preparing to comply with the new regulation and avoid heavy financial penalties.
As David Reed of the SANS Institute states, "Using encryption on each device that has the ability is among the best ways to prevent unauthorized access to data."2
Encrypting your data is a simple, proactive measure that you can take right now to comply with GDPR. With a relatively small amount of money for an encryption solution, organizations can significantly reduce the cost of a data breach down the road. And perhaps just as important, they can protect their reputation as a responsible steward of customer data.
GDPR Encryption by BestCrypt from Jetico
Jetico provides pure and simple file and disk encryption software for National Security, Compliance and Personal Privacy. Already trusted for HIPAA compliance, Jetico's BestCrypt delivers GDPR encryption for peace of mind.
To comply with the 'Right to Be Forgotten', Jetico's portfolio also includes BCWipe.
Get started now!
Request a free trial
Contact us for a free consultation
1 Experian. "2015 Second Annual Data Breach Industry Forecast." Experian white paper. [Online], Available: www.experian.com/assets/data-breach/white-papers/2015-industry-forecast-experian.pdf [04 Dec 2017]
2 Reed, David. “Encryption Solutions for Small Networks.” SANS Institute white paper, November 13, 2015. [Online], Available: www.giac.org/paper/gsec/37592/encryption-solutions-small-networks/147882 [04 Dec 2017]
Michael Waksman has been serving as CEO of Jetico since 2011, more than doubling the size of the company during his tenure. He brings more than 20 years of communications, technology and leadership experience.
At Jetico, Waksman has lead creation of the corporate identity, raising global brand awareness, building a more commercially-driven team and initiating enterprise customer relations. Jetico has maintained a wide user base throughout the U.S. Defense community, in the global compliance market and for personal privacy.
Waksman served as vice-chairman of the Cyber Group for the Association of Finnish Defense and Aerospace Industries. Recognized as a security and privacy advocate, he is a frequent speaker at international events, occasionally on behalf of the Finnish cyber security industry. In 2012, Waksman was honored with The Security Network's Chairman's Award for fostering collaboration between the United States and Finland. As dual citizen, he is a native New Yorker and has been living in the Helsinki region for over 15 years.
Thank you for contacting Jetico! We will respond to you as soon as possible.
Send us a message - we'll reply within 24 business hours.
Need help now? Call Us
US: 202 742 2901