GDPR

The EU's General Data Protection Regulation (GDPR) will come into force on 25 May 2018. GDPR is a significant upgrade and replacement for previous rules in the Data Protection Directive and introduces a number of new data protection obligations for organizations. As with other regulations such as HIPAA and SOX, compliance with GDPR requires that your organization implement appropriate measures to ensure you meet your legal data protection obligations. However, one of the key differences is that GDPR requires more than just putting in place a technical solution. Organizations will also need to adopt organizational measures to demonstrate GDPR compliance.

 

Encryption remains a cornerstone of compliance

Encryption remains a cornerstone of data protection and privacy within the GDPR. It is widely recognized that using encryption:

  • reduces the negative impact on individuals (data subjects): in the event of a laptop theft or hacker access to stored data, the encrypted data remains unusable;
  • increases the effectiveness of data protection policies by raising awareness across the organization of the importance of privacy and security measures;
  • reduces the cost of addressing problems such as loss or theft of laptops and mobile devices.

 

AlertSec is your foundation for compliance

AlertSec provides a solid foundation on which to build your compliance program. Organizations are increasingly storing and sharing data via cloud-based services that provide good encryption and key handling. However, to protect the personal and sensitive data defined by the GDPR, you will need additional data security measures.

GDPR will require data to be protected wherever it may be stored, accessed or processed. GDPR will also require protection for a wider data set, to include hidden data such as digital identifiers, IP addresses and cookie IDs as well as a person’s name, address, Social Security number etc.

Therefore, encryption will need to cover the data you know about in documents and spreadsheets on computers, and the data you may not be aware of: background copies that are downloaded to the computer hard drive by apps even when processing cloud-based data; the copies shared between staff and third-party subcontractors on removable media; hidden data such as author details embedded in documents; IP addresses embedded in emails; and login credentials stored by browsers. This is where the AlertSec service plays a critical role.

AlertSec provides strong protection against accidental loss of all data on endpoint devices: on computers and removable media, in files and documents, embedded in emails and browsers. The AlertSec service enables your organization to:

Protect

  • encrypt all data on computers and removable media (USB sticks/drives etc.), which includes any embedded information and metadata on the device
  • extend encryption to third-party data processors and enforce data protection code of conduct agreements

Comply

  • address many GDPR requirements for technical measures for integrity, confidentiality and protection against accidental loss of personal data
  • enable data processors (service providers) to take appropriate security measures for data protection
  • provide some organizational measures to support GDPR principles

Manage

  • deploy and manage compliance through a cloud management tool
  • demonstrate the adoption and implementation of data protection measures

 

GDPR: Why your organization needs to take action:

GDPR is a significant upgrade and replacement for previous rules in the Data Protection Directive and introduces new data protection requirements on organizations inside and outside the EU.

The changes include (but are not limited to):

  • Expanded geographic scope of EU regulations: organizations not based in the EU may still need to meet GDPR data protection requirements;
  • New obligations on data controllers: for example erasing personal data if required (the “right to be forgotten”), and demonstrating the adoption of protection measures and privacy policies;
  • New legal obligations for data processors (service providers): for example, being accountable for data breach notification and paying significant fines for non-compliance;
  • Safe Harbor replacement by Privacy Shield: companies need to self-certify to join the new framework;
  • New definitions of personal and sensitive data: compliance with other legislation such as HIPAA may not be sufficient for GDPR compliance;
  • New trigger for breach notification: GDPR expands the definition of a breach to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data;
  • Increased fines: data controllers and processors can be fined up to €20 million or 4% of total annual worldwide turnover for non-compliance.

 

About this text

This text focuses on the General Data Protection Regulation (GDPR) that will come into force in May 2018.

The information in this text is not exhaustive. Our aim is to provide an overview of the major changes that will be relevant to small and mid-sized businesses. There are some new GDPR obligations, such as the need to appoint a data protection officer and to maintain records of data processing activities, which are not covered below as they apply only to particular industry sectors, or to organizations with more than 250 employees.
