European Union General – General Data Protection Regulation

(EU GDPR)

Title Green Bar Scope

Global – All organizations located inside or outside the EU, if they offer goods or services to, or monitor the behavior of, EU residents.

Title Green Bar Breach Notification to Authority

Notification of breach to Supervisory Authority must be reported to the relevant regulator within 72 hours upon discovery/confirmation.

Title Green Bar Breach Notification to Affected Subjects 

Notification to Affected Data Subjects is required where there are high risks identified.

Title Green Bar Non-Compliance

Audits, Investigations, Significant Fines (Up to 4% Global Revenue or €20 Million), even a Temporary Ban on Operations.

 
  Title Green Bar  EU GDPR Requirements   Title Green Bar  Encryption Discussion   Title Green Bar  WinMagic Solution

Article 6
Lawfulness of Processing

Take into account appropriate safeguards, including encryption:

  • the existence of appropriate safeguards, which may include encryption or pseudonymisation (4)(e)

SecureDoc Full Disk Encryption protects your data-at-rest and strengthens technical and organizational measures to ensure a level of security appropriate to risk.

SecureDoc Enterprise protects personal data to significantly reduce the threat of a data breach, helping you avoid the damaging fines and reputational damage associated with breach notification and non-compliance.

SecureDoc CloudVM strengthens GDPR Data  Sovereignty requirements and reduces the burden of compliance associated with International Data Transfers by applying location-, time and cloning-based restrictions to ensure that EU resident data is only stored and processed in EU data centers.

SecureDoc CloudVM’s portable, persistent encryption ensures that no matter where a VM is cloned or moved, it will remain protected from unauthorized access or disclosure, even in third-countries with inadequate protection.

Article 32
Security of Processing

Implement technical and organizational measures to ensure a level of security appropriate to risk, including:

  • the pseudonymisation and encryption of personal data (1)(a)

Article 34:
Communication of a Personal Data Breach to the Data Subject

Avoid notifying all affected individuals and potential fines if:

  • the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption (3)(a)

Data Sovereignty

The European Commission and Member States determine whether a third-country provides adequate protection; if not, strict regulations must be adhered to, and strong safeguards must be implemented.