GDPR: Encryption Is the Key to Compliance - 3 Reasons Why

4 Dec 2017 | Michael Waksman

The final countdown to GDPR has begun! On May 25th, 2018 – now only a few months away – the European General Data Protection Regulation (GDPR) will be enforced, and fines will start rolling out for those companies that are not yet compliant.

And it’s not just European companies that must comply with the new regulation.
If you handle personal data of Europeans, whether you’re a retail chain in Florida or a manufacturing plant in China, then GDPR applies to you.

But there’s some good news. There’s an easy and cost-effective way to take action against the threat of devastatingly expensive fines under GDPR: encryption. If you’re not already protecting your data, here are the top three reasons why you should start right away.

GDPR Encryption - 3 Reasons Why

#1 You can't afford not to
Companies choosing to forgo compliance, for whatever reason, can be fined up to 4% of their global annual turnover (or up to €20 000 000 EUR) depending on the offense. Here is a more detailed summary.

For offenses related to:
- Child consent
- Transparency of information and communication
- Data processing, security, storage, breach, breach notification
- Transfers related to appropriate safeguards and binding corporate rules
Fine = €10 000 000 EUR or 2% Global Turnover

For offenses related to:
- Data processing
- Consent
- Data subject rights
- Non-compliance with DPR order
- Transfer of data to third party
Fine = €20 000 000 EUR or 4% of Global Turnover

So, unless you have €20 000 000 EUR to spare, GDPR could be destructive to you and your business.

#2 What can go wrong, will go wrong
Famous for a reason, this proverb seems to apply particularly well to technology. But don’t take my word for it. As the Experian whitepaper on data breaches states, "almost half of all organizations have suffered at least one security incident in the last 12 months." [1]

Fail to take basic precautions at your own risk – and you will likely become another statistic in this growing number.

#3 It’s the law
Under GDPR, if your company suffers a breach, then the controller (or appointed person) must make the breach known to the appropriate authority within 72 hours. Failing to properly notify a breach to the supervisory authority can result in a significant fine, as summarized above.

The overall goal of GDPR is to protect fundamental rights in relation to processing and to facilitate the free flow of personal data within the EU. The regulation, adopted by the European Commission in 2016, is now recognized as law across the EU. Member States have two years to ensure that it is fully implementable in their countries by May 2018.

But don’t panic! You can easily get through this in a way that also benefits your organization and your customers.

And Now, the Good News

GDPR also lists some exceptions. According to Article 34, no notification is required if, prior to the breach taking place, the data were rendered unintelligible, for example by means of encryption.

GDPR experts around the world agree that encryption is a key technology for organizations preparing to comply with the new regulation and avoid heavy financial penalties.

As David Reed of the SANS Institute states, "Using encryption on each device that has the ability is among the best ways to prevent unauthorized access to data." [2]

Encrypting your data is a simple, proactive measure that you can take right now to comply with GDPR. For a relatively small investment in an encryption solution, organizations can significantly reduce the cost of a data breach down the road. And perhaps just as important, they can protect their reputation as a responsible steward of customer data.

GDPR Encryption by BestCrypt from Jetico

Jetico provides pure and simple file and disk encryption software for National Security, Compliance and Personal Privacy. Already trusted for HIPAA compliance, Jetico's BestCrypt delivers GDPR encryption for peace of mind.
 


[1] Experian. "2015 Second Annual Data Breach Industry Forecast." Experian white paper. [Online]. Available: www.experian.com/assets/data-breach/white-papers/2015-industry-forecast-experian.pdf [04 Dec 2017]
[2] Reed, David. "Encryption Solutions for Small Networks." SANS Institute white paper, November 13, 2015. [Online]. Available: www.giac.org/paper/gsec/37592/encryption-solutions-small-networks/147882 [04 Dec 2017]

Michael Waksman
Michael Waksman has been serving as CEO of Jetico since 2008, nearly doubling the size of the company during his tenure. He brings more than 15 years of communications, technology and leadership experience.

Before joining Jetico, Waksman was instrumental in creating the corporate identity of Valimo Wireless, raising global brand awareness, building a more commercially-driven team and initiating enterprise customer relations. That was the basis for replicating it for Jetico's wide user base throughout the U.S. Defense community, the compliance market and vast personal privacy market.

Waksman is vice-chairman of the Cyber Group for the Association of Finnish Defense and Aerospace Industries. Recognized as a security and privacy advocate, he is a frequent speaker at international events, occasionally on behalf of the Finnish cyber security industry. In 2012, Waksman was honored with The Security Network's Chairman's Award for fostering collaboration between the United States and Finland. As a native New Yorker he has been living in southern Finland for over 10 years.