What is the GDPR (General Data Protection Regulation)?
The GDPR (Regulation (EU) 2016/679) is a binding legislative act of the European Union concerning the protection of personal data and the rights of the individuals that data describes. It replaced the Data Protection Directive 95/46/EC and has applied since 25 May 2018.
Designed to harmonize data protection law across the EU, it protects the personal data of individuals in the EU (data subjects, not only EU citizens) and reshapes the way organizations approach data privacy.
The GDPR requires controllers and processors to implement "appropriate technical and organisational measures" that ensure a level of security appropriate to the risk (Article 32). Encryption of personal data is one of the measures the Regulation names explicitly (Article 32(1)(a)), and it is a practical way to protect a business against the loss or exposure of personal data. Note that the GDPR governs personal data: encrypting other business data is good practice, but it is not what the Regulation mandates.
Who is affected by GDPR?
The GDPR applies to organizations established in the EU, and to organizations established outside the EU that process the personal data of individuals in the EU in order to offer them goods or services or to monitor their behaviour within the EU (Article 3).
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 million, whichever is greater, for the most serious infringements; a lower tier of 2% or €10 million applies to other breaches (Article 83). These rules apply to both controllers and processors, so cloud providers acting as processors are not exempt from GDPR enforcement.
For the penalties issued so far in 2022 (this page was written in its third quarter), see the companion article "Biggest GDPR Fines of 2022".
How does the GDPR handle personal data breaches?
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the breach to the supervisory authority, unless the breach is unlikely to result in a risk to individuals' rights and freedoms (Article 33). Where the breach is likely to result in a high risk, the affected individuals must also be informed (Article 34); that second notification is not required if the data concerned was rendered unintelligible to unauthorized persons, for example by encryption, which is the clearest regulatory incentive to encrypt personal data at rest.
What are my main responsibilities under the GDPR?
If your organization handles personal data, the UK Information Commissioner's Office (ICO) states that you are expected to implement comprehensive but proportionate governance measures that minimize the risk of breaches and uphold the protection of personal data.
The exact responsibilities differ for every organization and depend on its size, sector and the kind of data being processed.
Companies that encrypt the personal data they hold reduce the impact of a breach and therefore the risk of future fines. Processing personal data always carries some risk, and for organizations above a certain size an attempted cyber-attack is a question of when, not if.
Essentially, encrypting data means that nobody can read it without the correct key. If attackers copy your files or cloud storage, or physically steal your computers and hard drives, what they obtain is ciphertext they cannot read. This holds only as long as the key is not stored or exposed alongside the data: an attacker who compromises a running system that holds the key in memory, or a backup that includes the key, reads the data as easily as you do, so key management matters as much as the cipher.
With that caveat, you can think of encryption as a strong insurance policy against data breaches: if the worst happens, your customers' personal information remains unreadable.
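As an added illustration of the encryption-at-rest model described above (example code written for this page, not GhostVolt's software and not code from the original article), the following Go program seals a constructed sample customer record with AES-256-GCM under a randomly generated key, shows that the stored blob contains none of the plaintext fields, and shows that both a tampered blob and a wrong key are rejected. The record contents and field names are made up for the example; a real deployment would keep the key in a KMS, an HSM or on the client, never next to the ciphertext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a fresh random 256-bit key. In practice this key lives in a
// KMS, an HSM or on the client; it must never be stored beside the ciphertext.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// EncryptRecord seals plaintext under key with AES-GCM. The returned blob is
// nonce || ciphertext || tag: only the key holder can decrypt it, and any
// modification of the stored blob is detected when it is opened.
func EncryptRecord(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per record: reusing a nonce under the same key
	// breaks both confidentiality and integrity of GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptRecord opens a blob produced by EncryptRecord. It fails on a wrong
// key, a truncated blob, or any change to the ciphertext or tag.
func DecryptRecord(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// LeaksPlaintext reports whether any of the given sensitive fields appears
// verbatim in the stored blob, i.e. what an attacker who copied the file sees.
func LeaksPlaintext(blob []byte, fields ...string) bool {
	for _, f := range fields {
		if bytes.Contains(blob, []byte(f)) {
			return true
		}
	}
	return false
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record for the example; not real personal data.
	record := []byte("name=Jane Doe;email=jane@example.com;dob=1990-01-01")

	blob, err := EncryptRecord(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob: %x\n", blob)
	fmt.Println("plaintext visible in stored blob:",
		LeaksPlaintext(blob, "Jane Doe", "jane@example.com"))

	// A stolen copy that was modified in transit or at rest is rejected.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = DecryptRecord(key, tampered)
	fmt.Println("tampered blob rejected:", err != nil)

	// A thief holding the file but not the key cannot read it.
	wrongKey, _ := NewKey()
	_, err = DecryptRecord(wrongKey, blob)
	fmt.Println("wrong key rejected:", err != nil)

	// The owner, holding the key, recovers the record.
	plain, err := DecryptRecord(key, blob)
	if err != nil {
		panic(err)
	}
	fmt.Println("owner recovers:", string(plain))
}
```

The authenticated mode matters as much as the secrecy: with plain AES-CBC an attacker could flip bits in a stored record without detection, whereas GCM's tag makes DecryptRecord fail on any modification, which is what lets you argue under Article 34(3)(a) that leaked ciphertext was "unintelligible" and untouched.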
What does the GDPR say in regards to encryption?
As Recital 83 in the GDPR states:
'In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption.'
How can GhostVolt help towards compliance?
GhostVolt enables you to implement data protection measures while collaborating on files: control who has access to personal data, log file activity, set up internal security policies for data management, and more.
GhostVolt encryption and decryption are done on the client side, which means no one can access and read the stored personal data except the owner and the users the owner has authorized. If encrypted files fall into the wrong hands in a data breach, they cannot be decrypted without those users' keys.