EU (European Union) Data Protection Regulation: Solutions
Hold data on EU citizens? Check if you'll be compliant with the new Data Protection Regulation
About European Union Data Protection Directive
The EU General Data Protection Regulation is set to drastically change data protection law for international organisations, including an increase in penalties for a breach to up to 2% of a corporation’s annual global turnover.
Encrypting and storing sensitive data on a secure server and enforcing multiple layers of access control should be a best practice for keeping data safe.
The Data Protection Directive is a European Union (EU) regulatory framework that aims to protect the privacy of personal data within the EU. Implemented in 1995, the directive requires all member countries of the EU to enact laws to enforce these regulations. The EU data protection regulations are stricter and more comprehensive than those in the United States. As a result, U.S. companies that handle data from EU citizens must put extra measures into place to comply with the directive under the so-called “US-EU Safe Harbour” agreement. Data security is just one aspect of the Data Protection Directive. Compliance with the directive and protection under safe harbour requires robust encryption and key management that ensures the privacy and confidentiality of citizen records.
The Directive also covers the processing of information such as any manual or automatic operation on personal data, including its collection, recording, organisation, storage, modification, retrieval, use, transmission, dissemination or publication, and even blocking, erasure or destruction. One of the primary principles within the Directive is data security:
Once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
Organisations must therefore protect themselves from data loss or compromise by implementing and enforcing a data protection strategy that complies with the Directive.
Encryption
Certain member countries such as Spain, Italy, France, Austria, and Belgium require encryption for certain categories of data, and/or written security policies that specifically address encryption.
Encryption renders the data unusable, unreadable, and indecipherable to unauthorised individuals in the case of a security breach.
Strong key management techniques ensure that the key is protected with several layers of advanced cryptography and is always stored separate from the encrypted files.
| EU Data Protection Directive requirement | |
| --- | --- |
| Secure data at rest within the organisation | File, folder and removable media encryption as standard to secure data at the endpoint. |
| Secure data in transit | Full-disk and removable media encryption to secure data on the move. |
| Secure data for mobile / home working practices | Installation on a privately owned PC; adds portable encryption to any USB storage device. |
| Secure transfer of data between locations | Outlook plug-in, clipboard encryption compatible with all mail clients including webmail, and attachment encryption for any system. |
| Block / Limit access to certain data | Key-sharing technology makes it simple to deploy and manage complex, multi-layered teams and workgroups. |
| Secure safe storage of personal data | FIPS 140-2 validated for secure industry standard encryption algorithms and methods. |
| Secure destruction of redundant data | Securely delete data to the DoD 5220.22-M standard, ensuring that it is completely unrecoverable. |
BYOD
Bring Your Own Device / Endpoint Security
Article 31 contains the first new data breach notification requirement. Firstly, under this provision of the new law organisations must notify the authorities about data breaches “without undue delay and, if feasible not later than 24 hours after the breach”.
Countries including Germany and Austria currently have data breach laws, and some industries (for example telecoms) are already subject to an EU-wide general data breach reporting requirement.
This puts huge pressure on companies. If an employee loses his iPhone containing customer details on Friday night then he is unlikely to want to boast about it to the company CEO on Monday morning.
e-Discovery
Discover everything: on-premises – cloud – mobile
Total Data Compliance
Infrastructure wide Data Management and Legal eDiscovery and Data Search
Accurately discover and classify personally identifiable information, including where it is stored on the IT network – meaning you are in control of all private consumer data anywhere on your network.
Legal Search & eDiscovery
Legal and HR teams will love being able to find any data.
Enable legal retention policies for storage, backup and archive environments, and formulate thorough processes for responding to legal and eDiscovery requests.
Detecting Breach
Companies need to consider a data security solution that is distributed in the same manner as their data and infrastructure – across physical, virtual and cloud environments. The right tool should give them visibility, control and threat defense within the data center to help them quickly detect that they have been breached, understand the extent of the breach, and identify how the cyber-criminal got in so that they can put policy and safeguards in place to prevent future occurrences.
Contact us today to discuss your requirements in more detail.
P: +44(0)7714 209927
S: +44(0)1273 329753
info@securenetconsulting.co.uk