GDPR Compliance Requirements
GDPR is an EU regulation with far-reaching impacts for organisations throughout the world.
If your organisation suffers a data breach, under the new EU regulation, the following may apply, depending upon the severity of the breach:
- Your organisation must notify the local data protection authority and potentially the owners of the breached records
- Your organisation could be fined up to €20 million or 4% of global annual turnover, whichever is higher
The UK government has committed to introduce legislation identical to GDPR following Brexit.
At a Glance
GDPR requires organisations to implement appropriate technical and organisational measures to ensure that they process personal data securely.
Article 32 of the GDPR includes encryption as an example of an appropriate technical measure, depending on the nature and risks of your processing activities.
Organisations should have an encryption policy in place that governs how and when they implement encryption and should also train their staff in the use and importance of encryption.
When storing or transmitting personal data, organisations should use encryption and ensure that their encryption solution meets current standards.
Organisations should be aware of the residual risks of encryption, and have steps in place to address these.
Organisations should also be aware of the need to store and manage their cryptographic keys securely.
Many organisations need to adapt their business approaches, operations, and security practices to manage GDPR compliance.
Download the eBook for further information, to help you identify the key aspects of GDPR and what steps you need to take to address its requirements.