TryTRY
BuyBUY
Utimaco
de
TRYour free HSM simulator
BUYget a quote

Next event

23/10 - 24/10 | Expo and Congress

IoT Security Summit 2017

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

Home / solutions / compliance / compliance & standardization / GDPR

GDPR

Is encryption the best way to implement GDPR?

The new EU data protection framework, also referred to as the General Data Protection Regulation (GDPR) will go into effect as of May 25th 2018. It comes with potentially heavy fines and applies to every company doing business in Europe.

Encryption is mentioned as the only technology recommended to achieve compliance. Are you ready?

Utimaco compliance

Are you using encryption technology to implement GDPR?

And if so, are you doing it right? What are the best practices? Why use HSM?

Key questions concerning the General Data Protection Regulation

The key questions that companies need to ask themselves are:

  • Does the GDPR apply to my organization? Even if my organization is based outside of the EU? Even if I am not storing or processing data in the EU – either in the cloud or on-premises?
  • What security strategy should businesses employ to ensure the proper protection of personal data and thereby avoid fines?
  • Are we using suitable technology to protect the personal data in question?
  • What other points of attention do we need to meet in order to be GDPR compliant?
  • Who can help us implement these solutions? And last but not least:
  • Are there any best practices?

What is GDPR trying to achieve?

The new EU GDPR, which comes into effect on May 25th 2018, defines the minimum standards for handling, securing and sharing personal data. The overall target of the GDPR directive is NOT to prevent the movement of data throughout or beyond the EU. On the contrary: the main target is to facilitate the movement of personal data, in a similar way to how the EU aims to facilitate the free movement of goods and persons. The GDPR also recommends the creation of standards, so that the exchange of data becomes easier. At the same time, however, it aims to protect an individual person’s right to own their personal data, to have it edited, removed and protected from abuse.

How is this done?

Technology:

The main mechanism the GDPR recommends to employ is that of pseudonymization, i.e. to ensure that the personal data in question cannot be abused, because it cannot be attributed to the person it belongs to thanks to the use of encryption. So even if the data is stolen, it cannot be abused.

Responsibilities

The GDPR defines clear responsibilities both for the data owner, (the so-called “controller”, who determines the purpose and means of the data processing), the processor (the one who processes on behalf of the controller) and the need for each data owning company to have a data protection officer (DPO), who is in charge within each controller and processor to monitor compliance and assess risk related to processing data.

Fines

Failure to comply with the requirements set by the GDPR to either install a data protection officer or to communicate a data breach appropriately and within the timeframe defined (72 hours), can result in fines of up to 20 million $US or 4% of the global annual revenue of a company.

Utimaco: GDPR - why encyption is so important to avoid fines

Utimaco: GDPR – why encryption is so important to avoid fines

Interested in learning more?

Watch the Utimaco Webinar on the GDPR or contact us directly at hsm@utimaco.com.

Stay on top of our news
Don’t miss out on any Utimaco updates

We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.

Partners

Find a partner

Share this page