The General Data Protection Regulation (GDPR) came into force in May 2016 and will be applied from May 2018. Replacing the existing data protection framework under the EU Data Protection Directive, GDPR brings greater responsibilities for organisations involved in data processing.
While many of the main concepts and principles of GDPR are much the same, the GDPR introduces significant revisions which merit detailed consideration by all organisations involved in the processing of Personal Data.
Under the new legislation, encryption is identified as an essential security requirement in the handling of Personal Data, with the onus on organisations to prove that encrypted data is both secure and recoverable.
The GDPR gives data protection authorities more robust powers to tackle non-compliance including revenue based fines of up to 4% of annual worldwide turnover, for the most serious infringements.
The GDPR also makes it considerably easier for individuals to bring private claims against data controllers when their data privacy has been infringed, and allows data subjects who have suffered non-material damage as a result of an infringement to sue for compensation.
Organisations should start preparing for GDPR immediately by conducting a thorough analysis of all current or envisaged processing of Personal Data. Ensuring policies and systems comply with GDPR requirements may be the difference in avoiding both potential penalties and reputational impairment.
The INNOVATE approach to GDPR
As a Cisco Premier Partner with fully accredited Cisco Engineers, INNOVATE uses the Cisco Meraki solution set which supports a wide variety of encryption and authentication methods. Our consultants will advise you with the most comprehensive encryption solutions tailored to ensure full GDPR compliance.
For more information, contact us.
Changes in Data Protection Regulation makes Encryption an Economic Imperative