First, an explanation on the concepts in the title of this piece. Data Sovereignty is the concept that digital data and information is subject to the laws of the country in which it is located and/or created. Safe Harbor is an agreement between the USA and EU that regulated and control import, export and processing of personal data and information. And the most recent, EU General Data Protection Regulation (GDPR) is the regulation of “processing’, ownership, rights and storage of personal data and information within the 28 member EU states.
Digital Personal Data and Information is entering a new era of protection rights, governance and regulatory requirements. The maturity, continuous evolution and frequent data breaches within the digital economy has forced governing bodies to create regulations, rules, punitive fines, guidelines and regulations to ensure the protection of their citizen’s personal data. Many of the current concerns that surround data sovereignty relate to ensuring privacy protection and preventing personal data and information processed and/or stored in a foreign country from being overtly (subpoenaed) or secretly being obtained by the government of the country where the data is being stored or processed.
Organizations are now forced under these regulations to abide to these new and emerging protection standards. Imposing fines are going to be introduced to enforce these regulations for protecting consumer data. Enterprises, organizations and processors (Cloud Providers, eCommerce, PayTV Operators, Social Media, Traditional Telecoms, Payment processing, etc.) will be liable. As an example, the EU GDPR will levy up to 4 percent of an offender’s worldwide annual turnover. Numerous and often conflicting strategies, vendors, analysts and recommendations are being generated and targeted at enterprises, organizations and processors of consumer personal data. There are many facets to these new and emerging regulation such as consent, right to be forgotten (read right to have personal data erased), breach notification within a set period of time, the concept of proactive Cybersecurity measures (‘Data protection by design’ and ‘Data protection by default’) and of course auditability. With so many layers and much complexity into how, how often and when – organizations will have a difficult time navigating this new regulatory world.
But without doubt, the foundational piece of any strategy will have to included encryption and the ability to prove effective management of the encryption. Encryption solves numerous problems at several layers. As an example, encryption avoids the GDPR breach notification requirement (but only if has been proven to be implemented and managed in a competent manner). Also by turning on and utilizing encryption, it can strongly assist with compliance by proving the foundation piece of security – encryption – was implemented in the “security by design and by default” requirement. Regarding the physical movement of data, where a processor or organization maliciously or inadvertently moves sensitive data to a non-approved/non-authorized data center in an unapproved geography:
- Encryption will ensure that the sensitive data cannot be utilized without access to encryption keys or
- Organizations can develop a policy where any data that resides outside the approved geography or data center is removed from policy – leaving only encrypted data, useless to anyone who accesses it.
There is a lot of activity around the privacy and security of our data. If anything, the protection of personal data will never be the same again – and that is a very good thing.
WinMagic: Your Trusted Source for Encryption Solutions
Do you want to keep your confidential and sensitive data safe? Contact WinMagic today at 1-888-879-5879. Since 1997, we’ve been creating award-winning encryption solutions. Our most recent accolade was the 2015 CATAAlliance Outstanding Product Achievement Award.
But don’t let our awards or our experience sway you. Just talk to any one of our five million satisfied customers in over 80 countries. Call us today to learn more about our data security options.