EU Data Protection Regulation Whitepaper
Major data breaches are commonplace today, putting customers at risk of identity theft and financial loss, and businesses at risk of losing customer and investor loyalty, as well as regulatory fines. This whitepaper discusses what the new EU-wide Data Protection Regulation will mean for companies globally.
Securing your Data with Sophos Encryption
The new EU Regulation requires organizations to secure personal data. Encryption is the best way to do this. At Sophos we provide the most complete encryption solution available, securing data across multiple platforms and devices without slowing down your users.
Powerful encryption that doesn’t slow you down
Sophos SafeGuard Enterprise Encryption provides the most complete encryption solution on the market today, protecting data on multiple devices and operating systems. In addition to providing unparalleled data protection, our encryption solution is built to match your organization’s workflow and processes, without slowing down productivity.
So whether your data resides on a laptop or a mobile device, or is being shared via email or through the cloud, it is always safely encrypted.
New EU Data Protection Regulation in a nutshell
The new Data Protection Regulation will apply one consistent set of requirements for all organizations that hold data on European citizens. The legislation is very broad and covers many aspects of personal data.
The Regulation applies to organizations within the EU and to those organizations outside of the EU that offer goods and services to, or monitor the behavior of, EU citizens. In terms of personal data security, this means implementing appropriate security measures to protect the data.
Encryption is widely agreed to be the best security measure available, as it renders the data unintelligible to unauthorized parties in cases of data loss.
Under the new legislation, if you suffer a breach of personal data, you can incur fines of up to €20 million or 4% of annual worldwide turnover.
If you can show that the personal data was subject to technological protection measures rendering it unintelligible to unauthorized people (e.g. encryption), you don't need to notify affected data subjects of the breach.
If you can show that the personal data was encrypted, the likelihood of being fined as a result of a breach should be very greatly reduced.
The Regulation officially entered into force on 24th May 2016, and from this point EU countries have up to two years to implement the new requirements.