Businesses have one year to prepare for the GDPR: the new data protection regulation comes into force on May 25, 2018. With the aim of unifying data protection legislation across the European Union, the new regulation sets strict requirements for managing personal data for every business and organization who have EU-based employees and customers.
The upcoming European General Data Protection Regulation (GDPR) is largely based on the current German Federal Data Protection Act. The GDPR requires that companies protect personal information they handle.
Sending out personal information such as a private home address, bank details, or CVs of applicants with a normal email could lead to heavy fines under GDPR. It is best to secure emails containing personal information with end-to-end encryption. Find out here how easy your company can switch to a GDPR compliant email service like Tutanota.
GDPR: an opportunity for companies to protect data
"The GDPR is the first step in creating the privacy regulation that works on a large scale, and end-to-end encryption will play a key role in that. We’re proud to partner with other end-to-end encryption providers, that share the same commitment to providing the highest level of security and privacy. Together we can help legislators and businesses understand the advantage of end-to-end based solutions in securing consumer and business data with tools that are easy to use and integrate within existing business processes", says Alan Duric, CEO and co-founder of Swiss-based encrypted team messenger Wire.
"Reaching GDPR compliance is not merely a compliance process, but a real opportunity for all organizations to enhance the trust of consumers in digital services, and take significant steps towards better protecting staff, customer, and business data", says Istvan Lam, co-founder and CEO at cloud encryption company Tresorit. "Encryption is a tool which helps to secure personal data, but does not solve all GDPR requirements alone. There are challenges out of the scope of encryption, which need to be addressed. However, encryption helps businesses worry less about managing data in the cloud and focus on other matters", Lam adds.
"We see GDPR as a chance for businesses to join the privacy movement", says Matthias Pfau, co-founder of encrypted email service Tutanota. "We as well as other privacy-focused services see by the influx of new users that the privacy movement is growing fast. More and more people want their data to be handled and stored securely. This comes at no surprise as the scandals about data breaches constantly grow in numbers and dimensions. Soon companies who do business in Europe will be obliged to secure their customers' and employees' data. At first sight, this might seem like a big hassle to most companies while in fact it is a huge opportunity: By protecting their customers' data, companies will gain a competitive edge because more and more people realize that their data is valuable and that it must be protected."
Strong data protection hopefully echoed by policy change in the US
"Organizations must make sure their communication tools are both secure and privacy-compliant. The EU taking action to protect user data is certainly a step in the right direction", says Roman Flepp, press officer at Threema, the end-to-end encrypted messenger from Switzerland.
"In the past decade, the way business handle sensitive data has been completely revolutionized", says Dr. Andy Yen, Founder/CEO of Swiss encrypted email company ProtonMail, "and GDPR provides a long overdue update to the regulatory framework surrounding data protection."
"The GDPR is a critical step in protecting user privacy and ultimately digital freedom. The use of end-to-end encryption is moving into the mainstream and starting to be measured in not only lives protected but in dollars saved as businesses look to protect their customers most valuable assets – their data. We anticipate the unifying regulation in the EU will be echoed around the world and hopefully drive encrypted policy measures within the US in the near future", adds Ladar Levison, Founder of encrypted email service Lavabit.
"To achieve GDPR compliance, organisations will have to secure all communication channels with customers. Emailing, file sharing, messaging and voice calls should be protected by the same high standards. GDPR will require all-around data security from organisations", adds Szabolcs Kun, co-founder and CEO of CryptTalk, the secure mobile calling service developed by Arenim Technologies AB that protects calls against interception and eavesdropping.
With GDPR, encryption becomes the standard data protection technology
The GDPR highlights encryption as an appropriate technical measure to safeguard data, therefore making it a key technology measure to demonstrate compliance. The new legislation states that encryption makes data unintelligible to any person who accesses that in the case of a data breach. This way, companies using encryption can avoid breach notification and its costs, as personal data is not endangered.
Not all encryption is created equal though: encryption keys should be stored separately and data should be encrypted on the client side before being uploaded to the cloud. Unlike in-transit and at-rest encryption, end-to-end encrypted services store encryption keys at the client side. This guarantees that the encrypted data is never readable for the service provider. In case of a data breach, only encrypted data leaks, and re-identification of personal data is infeasible.