A New Era in Data Protection
Europe's new General Data Protection Regulation (GDPR) takes effect in May 2018, introducing new protections for individuals and new obligations for companies that collect, use, or process EU citizens' personal information. Given the heavy fines that can result from violations, GDPR compliance should be a top priority for every organization that does business in Europe.
Unlike previous European data protection laws, the GDPR applies to any company that collects or processes the personal information of EU citizens, even if the company is headquartered outside the EU.
The law includes significant new mandates for data controllers (companies that collect personal information on EU citizens) and data processors (companies that store, transmit, or process data on behalf of data controllers):
- Companies must obtain active consent before collecting or processing personal data
- Individuals can request that their personal information be deleted from a company’s database, and can request copies of their data in a portable format
- Companies must notify authorities and affected individuals within 72 hours of a data breach, unless the compromised data is protected by encryption or similar measures
- Each company must appoint a Data Protection Officer to oversee GDPR compliance
- Companies must build data protection into their products and services “by design and by default”
Supervisory authorities will have the power to fine organizations as much as 4% of their annual top-line revenue for violations, and may impose heavier auditing and reporting obligations after a violation.
Meet GDPR Requirements with Smartcrypt
PKWARE’s Smartcrypt can help businesses and government entities secure sensitive data and meet the GDPR's demanding standards for data protection. Smartcrypt combines data discovery, classification, and protection into a single workflow, enabling organization-wide control over personal information and other forms of sensitive data.
Unlike other encryption solutions, Smartcrypt encrypts sensitive data the moment it is created or saved. Once Smartcrypt encryption is applied, it stays with the data even when it is copied or moved to other user devices, file servers, or external systems. Organizations can also use Smartcrypt to move, quarantine, mask, or delete sensitive data based on their compliance obligations and security policies.
Data Protection by Design
Smartcrypt provides strong encryption, along with innovative data discovery functionality that identifies and protects data on user devices and network storage locations. Organizations can use Smartcrypt to secure their sensitive data and demonstrate compliance with GDPR mandates.
|Security of data processing (Article 32)||Organizations must be able to demonstrate they have taken “appropriate technical and organisational measures to ensure a level of security appropriate to the risk,” including encryption of personal data.|
|Data breach notifications (Article 34)||Organizations must notify supervisory authorities and affected individuals within 72 hours of a data breach. However, organizations are exempt from the requirement to notify individuals if the stolen data is protected with encryption.|
|Data protection by design and by default (Article 25)||Organizations must “adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.”
These principles should be considered when “developing, designing, selecting and using applications, services and products.”
|Right to be forgotten (Article 17)||Upon request from an EU citizen, a data controller "shall have the obligation to erase personal data without undue delay" unless certain special conditions apply.
Organizations are also obligated to request removal of the data subject's information from any business partners they have shared the data with.
Smartcrypt is designed for maximum flexibility, allowing organizations to implement solutions that meet their unique data protection requirements.
Smartcrypt agents are installed on each device that will be used to access or store sensitive information. Agents monitor file activity and detect sensitive data as soon as it is created or saved. After detecting sensitive information, Smartcrypt takes action (which can include tagging, encryption, deletion, or other options) based on the organization's security policies.
Smartcrypt's web-based Smartcrypt management console lets administrators create and apply encryption policies across the entire organization. In addition, the Smartcrypt software development kit lets organizations build strong encryption into their proprietary applications with only a few new lines of code.
Unlike solutions that increase file sizes after encryption, Smartcrypt uses PKWARE’s industry-best compression technology to reduce data volumes before encryption, resulting in lower costs for data storage and transmission.
A detailed look at how the GDPR will change cybersecurity practices around the world.Read PDF
See how Smartcrypt can help your organization protect its data and comply with the GDPR.Read PDF
Learn more about PKWARE's smart encryption platform.Learn More