What is the GDPR?
The EU General Data Protection Regulation (GDPR) is a binding legislative act concerning the protection of personal data and individual rights. The GDPR replaces the Data Protection Directive 95/46/EC.
It was designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens, and to reshape the way organizations approach data privacy. The GDPR requires companies to implement reasonable measures, such as encryption, to protect personal data against loss or exposure.
Who is affected by GDPR?
The GDPR applies to all organizations, whether located within or outside the EU, that process and hold the personal data of EU citizens in order to offer them goods or services or to monitor their behavior within the EU.
How can GhostVolt help towards compliance?
The GDPR states:
In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption.
To prevent data breaches, businesses must make sure that personal data is stored securely. GhostVolt encrypts files with 256-bit AES, the strongest encryption, rendering the files useless to an attacker if they are breached.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 Million, whichever is greater, for breaching the GDPR. This is the maximum fine that can be imposed for the most serious infringements. It is important to note that these rules apply to both controllers and processors, meaning cloud providers will not be exempt from GDPR enforcement.
How does the GDPR handle personal data breaches?
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.
What are my main responsibilities under the GDPR?
If your organization handles personal data, the Information Commissioner’s Office (ICO) states that you are expected to put into place comprehensive but proportionate governance measures. These measures should minimize the risk of breaches and uphold the protection of personal data. The exact responsibilities that apply are different for every organization, depending on its size, industry and what kind of data is being stored.