Preparing for the General Data Protection Regulation (GDPR)
Technology Paper
Tough European Union Standards Are Set to Impact Cyber Security and Compliance Worldwide
As an early adopter and leader in the development of drive-level encryption technologies, Seagate understands that the most valuable asset in any storage system is the data itself. And while encryption is only a small part of any true security strategy, it can help with privacy compliance.
Recent high-profile mass data breaches, such as those at Equifax and Yahoo, have brought cyber security issues into the mainstream. Under the GDPR, tough European Union (EU) standards on security and compliance also apply to organizations in the US and elsewhere that handle the personal data of people in the EU. There is now greater emphasis on accountability, and drive-level encryption is one technical measure by which organizations can demonstrate it.
Changes to the GDPR
The GDPR is the most significant change in the world of data protection in a generation. It updates the law to recognize the significant advancements in technology during the last 20 years, and to address those technologies that will likely emerge in the future. The goal is twofold: 1) protect an individual's right to the protection of their personal data, and 2) allow a data-based economy to thrive without stifling innovation.
Key changes at a glance:
Scope. The GDPR applies to organizations based in the EU, and to any organization anywhere in the world that offers goods or services to, or monitors the behavior of, people located in the EU. The citizenship or residency status of those people is not pertinent. The GDPR also, for the first time, places direct obligations on service providers (known as processors). Furthermore, the European concept of personal data is broader than the US concept of personally identifiable information (PII), and includes online identifiers such as IP addresses.
Accountability. This is a critical thread running throughout the GDPR. Accountability leads to a number of obligations for organizations responsible for personal data (known as controllers). It will not be sufficient for organizations simply to comply; they must be able to demonstrate their compliance.
Organizations will have to keep records, record and justify their decisions, record an individual's consent, and may have to prove this to a European regulator.
Security. The GDPR requires that organizations put appropriate technical and organizational measures in place to protect personal data. Technical measures include drive-based encryption, passwords, access controls, two-factor authentication, etc. Organizational measures include information management policies, staff training, and having an information governance structure in place. What defines