European Union General – General Data Protection Regulation

(EU GDPR)

 

Title Green Bar Focus

Protects the personal data of European Union residents.

 
 
 

Title Green Bar Data

Any information related to a data subject that can be used to directly or indirectly identify the person. It can be anything from names, photos, email addresses, bank details, social media posts, or medical information.
 
 
 

Title Green Bar Scope

Global – All organizations located inside or outside the EU, if they offer goods or services to, or monitor the behavior of, EU residents.
 
 

Title Green Bar Breach

Notification to Supervisory Authority and Affected Data Subjects if deemed necessary.
 
 

Title Green Bar Non-Compliance

Audits, Investigations, Significant Fines (Up to 4% Global Revenue or €20 Million), even a Temporary Ban on Operations.
 
 
Title Green Bar  EU GDPR Requirements Title Green Bar  Encryption Discussion Title Green Bar  WinMagic Solution

Article 6
Lawfulness of Processing

Take into account appropriate safeguards, including encryption:

  • the existence of appropriate safeguards, which may include encryption or pseudonymisation (4)(e)

SecureDoc Full Disk Encryption protects your data-at-rest and strengthens technical and organizational measures to ensure a level of security appropriate to risk.

SecureDoc Enterprise protects personal data to significantly reduce the threat of a data breach, helping you avoid the damaging fines and reputational damage associated with breach notification and non-compliance.

SecureDoc CloudVM strengthens GDPR Data Residency and Sovereignty requirements and reduces the burden of compliance associated with International Data Transfers by applying location-, time and cloning-based restrictions to ensure that EU resident data is only stored and processed in EU data centers.

SecureDoc CloudVM’s portable, persistent encryption ensures that no matter where a VM is cloned or moved, it will remain protected from unauthorized access or disclosure, even in third-countries with inadequate protection.

Article 32
Security of Processing

Implement technical and organizational measures to ensure a level of security appropriate to risk, including:

  • the pseudonymisation and encryption of personal data (1)(a)
 
Article 34:
Communication of a Personal Data Breach to the Data Subject
Avoid notifying all affected individuals and potential fines if:
  • the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption (3)(a)
 
Data Residency and Data
Sovereignty
The European Commission and Member States determine whether a third-country provides adequate protection; if not, strict regulations must be adhered to, and strong safeguards must be implemented.