European Union – General Data Protection Regulation (EU GDPR)

Scope

Global – All organizations located inside or outside the EU, if they offer goods or services to, or monitor the behavior of, EU residents.

Breach Notification to Authority

A breach must be reported to the relevant Supervisory Authority (regulator) within 72 hours of discovery/confirmation.

Breach Notification to Affected Subjects

Affected Data Subjects must be notified where high risks are identified.

Non-Compliance

Audits, Investigations, Significant Fines (Up to $1.5 million in fines per year), and possible Criminal Penalties.

EU GDPR Requirements and Encryption Discussion

Article 6: Lawfulness of Processing

Take into account appropriate safeguards, including encryption:

  • the existence of appropriate safeguards, which may include encryption or pseudonymisation (4)(e)

Article 32: Security of Processing

Implement technical and organizational measures to ensure a level of security appropriate to risk, including:

  • the pseudonymisation and encryption of personal data (1)(a)

Article 34: Communication of a Personal Data Breach to the Data Subject

Avoid having to notify all affected individuals, and avoid potential fines, if:

  • the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption (3)(a)

Data Sovereignty

The European Commission and Member States determine whether a third country provides adequate protection; if not, strict regulations must be adhered to, and strong safeguards must be implemented.

WinMagic Solution

SecureDoc Full Disk Encryption protects your data-at-rest and strengthens technical and organizational measures to ensure a level of security appropriate to risk.

SecureDoc Enterprise protects personal data to significantly reduce the threat of a data breach, helping you avoid the damaging fines and reputational damage associated with breach notification and non-compliance.

SecureDoc CloudVM strengthens compliance with GDPR Data Sovereignty requirements and reduces the burden of compliance associated with International Data Transfers by applying location-, time- and cloning-based restrictions to ensure that EU resident data is only stored and processed in EU data centers.

SecureDoc CloudVM’s portable, persistent encryption ensures that no matter where a VM is cloned or moved, it will remain protected from unauthorized access or disclosure, even in third countries with inadequate protection.