On December 15, 2015, the EU agreed to a draft of the General Data Protection Regulation (GDPR), with potential fines of up to four percent of global revenues or 20 million EUR (whichever is higher) if an enterprise breaks those rules. These rules, which are expected to go into effect in 2018, apply to any company that holds or processes the data of customers in the EU, regardless of whether the company itself is based outside the EU (with implications for cloud-based models).
Among the rules are requirements to:
We have seen through numerous examples in the U.S. that when companies must report data breaches to their customers, the company’s profits and stock prices suffer and senior executives lose their jobs. And GDPR adds substantial fines to these risks.
All things considered, GDPR has teeth. Or, it will in 2018, when it goes into effect. If you process individual ID data of EU residents, you need to be ready.
Vormetric can help you comply with all three of the requirements above.
Regarding notifying the subjects of a data breach, the agreed upon text states:
The communication to the data subject … shall not be required if: … the controller has implemented appropriate technical and organisational protection measures … to the data affected by the personal data breach, in particular those that render the data unintelligible to any person who is not authorised to access it, such as encryption....
So, if you have Vormetric’s file-based transparent encryption with integrated key management in place, you will have the kind of state-of-the-art data protection GDPR mandates. And, if and when your data is breached, it will be encrypted and unintelligible to the cyber-intruder who takes it. So, you won’t have to report the breach to the subjects of the data.
Another advantage of Vormetric’s file-based transparent encryption is that it encrypts many kinds of data – both structured and unstructured.
According to TechTarget’s SearchSecurity, Sanjay Beri, CEO of Netskope, says:
GDPR "requires organizations to safeguard personal data, which may include anything from data about political viewpoints to health history," adding that "this applies to all systems used to process the data, including cloud apps."
The difficulty in complying, according to Beri, is "that many, if not most, personal data for which the organization is legally responsible are data not found in structured formats like databases, but things like email [messages] and random documents created using Office 365 and Box, and in cloud apps not sanctioned by IT." He went on to say that BYOD [bring your own device] "worsens the problem, leaving businesses to wonder how they can even begin to comply with GDPR if they don't know what data they have and where they reside?"
Vormetric’s file-based transparent encryption with integrated key management is a tailor-made solution for this kind of challenge.
Finally, Vormetric’s Security Intelligence produces detailed security event logs that are easy to integrate with Security Information and Event Management (SIEM) systems to produce the kind of security reports necessary for GDPR compliance. These enterprise network security information logs provide an auditable trail of permitted and denied access attempts from users and processes, delivering unprecedented insight into file access activities. They can also report unusual or improper data access and accelerate the detection of insider threats, hackers and advanced persistent threats (APTs) that have made it past the perimeter security.
If you control or process personal identification information of EU residents, contact Vormetric today to discuss how to comply with GDPR.