SlideShare a Scribd company logo
1 of 7
Download to read offline
Quick guide to the
EU General Data
Protection Regulation
Quick guide to the EU General Data Protection Regulation	 - 01 -
The General Data Protection Regulation (GDPR) replaces the
EU’s 1995 Data Protection Directive 95/46/EC. The GDPR has been
developed to strengthen and unify online privacy rights and
data protection for individuals within the European Union (EU)
while streamlining the data protection obligations of businesses
serving EU citizens through a single Regulation instead of 28
different National laws.
On 8 April 2016 the Council adopted the GDPR and an associated
Directive. And on 14 April 2016 the Regulation and the Directive
were adopted by the European Parliament.
On 4 May 2016, the official texts of the Regulation and the
Directive were published in the Official Journal of the European
Union. The Regulation will apply from 25 May 2018.
The 28 EU Member States have implemented the 1995 rules
differently, making it difficult and costly for EU businesses
to operate across internal borders and considerable gross
differences in enforcement. It is estimated that the elimination
of this fragmentation will lead to savings for businesses of
around €2.3 billion a year across the European Union.
What are the changes?
Key changes in the reform include1
:
•	 The right to know when one’s data has been hacked: Companies and
organisations must notify the national supervisory authority of data
breaches which put individuals at risk and communicate to the data
subject all high risk breaches as soon as possible so that users can take
appropriate measures.
•	 Stronger enforcement of the rules: data protection authorities will be
able to fine companies who do not comply with EU rules up to 4% of
their global annual turnover. Administrative fines are not mandatory and
if imposed must be decided in each individual case and must be effective,
proportionate and dissuasive.
•	 One continent, one law: a single, pan-European law for data protection,
replacing the current patchwork of national laws. Companies will deal
with one law, not 28. The benefits are estimated at €2.3 billion per year.
•	 Organisations must notify the national authority of serious data
breaches as soon as possible (if feasible within 24 hours).
•	 EU rules must apply if personal data is handled abroad by companies
that are active in the EU market and their goods and services (including
free goods and services) to EU citizens, or if these organizations monitor
the behavior of individuals in the EU.
•	 Data protection by design and by default: ‘data protection by design’
and ‘data protection by default’ are now essential elements in EU data
protection rules. Data protection safeguards will be built into products
and services from the earliest stage of development, and privacy-friendly
default settings will be the norm.
1	Press Release Summary: http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm
Quick guide to the EU General Data Protection Regulation	 - 02 -
By strengthening data protection the EU is making it mandatory for
businesses to adequately protect sensitive personal data, defined as:
“any information relating to an identified or identifiable natural person
hereinafter referred to as ‘data subject’; an identifiable person is one who can
be identified, directly or indirectly, in particular by reference to an identification
number or to one or more factors specific to his or her physical, physiological,
mental, economic, cultural or social identity;”2
This broad definition of personal data easily covers the simplest records
that relate, even indirectly, to customers, clients, staff, pupils and any other
record relating to an individual.
2	REGULATION (EC) No 45/2001:
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2001.008.01.0001.01.ENG
What does the Regulation say about
protecting data?
Article 32, Security of processing states3
:
1.	Taking into account the state of the art, the costs of implementation and
the nature, scope, context and purposes of processing as well as the risk of
varying likelihood and severity for the rights and freedoms of natural persons,
the controller and the processor shall implement appropriate technical and
organisational measures to ensure a level of security appropriate to the risk,
including inter alia as appropriate:
a)	 the pseudonymisation and encryption of personal data;
b)	 the ability to ensure the ongoing confidentiality, integrity, availability and
resilience of processing systems and services;
c)	 the ability to restore the availability and access to personal data in a
timely manner in the event of a physical or technical incident;
d)	 a process for regularly testing, assessing and evaluating the effectiveness
of technical and organisational measures for ensuring the security of the
processing.
Encryption is the easiest and safest way to secure data as required
by Article 32 of the GDPR. The technology is an established means of
protecting information which is vulnerable to theft or loss. The GDPR also
makes the case for effective disaster recovery plans, password recovery and
key management systems.
Article 30 of the Regulation3 requires that records must be kept, including
a general description of the technical and organizational security measures
taken, as referred to in Article 32, meaning that organisations need records
and proof that systems are secure and that encrypted data is recoverable
after a technical incident.
3	Text of the Regulation:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679from=EN
Quick guide to the EU General Data Protection Regulation	 - 03 -
What are the data
breach-notification rules?
Article 333 requires notification of a personal data breach to the supervisory
authority and states that in the case of a personal data breach, the
supervisory authority must be notified, where feasible, not later than 72
hours after the organization in question becomes aware of the breach.
Any notification beyond 72 hours must be accompanied by a reasoned
justification for the delay.
Article 34³ refers to the communication of a personal data breach to the
data subject and states that:
1.	When the personal data breach is likely to result in a high risk to the rights
and freedoms of natural persons, the controller shall communicate the
personal data breach to the data subject without undue delay.
However, it goes on to state that:
3.	The communication to the data subject referred to in paragraph 1 shall not be
required if any of the following conditions are met:
a)	 the controller has implemented appropriate technical and organisational
protection measures, and those measures were applied to the personal
data affected by the personal data breach, in particular those that render
the personal data unintelligible to any person who is not authorised to
access it, such as encryption;
b)	 the controller has taken subsequent measures which ensure that the high
risk to the rights and freedoms of data subjects referred to in paragraph 1
is no longer likely to materialise;
c)	 it would involve disproportionate effort. In such a case, there shall instead
be a public communication or similar measure whereby the data subjects
are informed in an equally effective manner.
Studies have shown that the later a data breach is reported the more
damaging are the consequences to the organisation in question. Again, it
is clear that encryption is considered a sufficient safeguard to preclude this
and the consequences for corporate reputation.
How does the Regulation discourage
offenders?
Article 83, General conditions for imposing administrative fines – point 44
:
4.	Infringements of the following provisions shall, in accordance with paragraph
2, be subject to administrative fines up to 10 000 000 EUR, or in the case
of an undertaking, up to 2 % of the total worldwide annual turnover of the
preceding financial year, whichever is higher:
a)	 the obligations of the controller and the processor pursuant to Articles
8, 11, 25 to 39 and 42 and 43; Thus covering articles regarding breach
notification rules – Article 33 and Article 34, and point five of Article 83
further states:
5.	Infringements of the following provisions shall, in accordance with paragraph
2, be subject to administrative fines up to 20 000 000 EUR, or in the case
of an undertaking, up to 4 % of the total worldwide annual turnover of the
preceding financial year, whichever is higher:
a)	 the basic principles for processing, including conditions for consent,
pursuant to Articles 5, 6, 7 and 9;
4	Text of the Regulation:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679from=EN
Quick guide to the EU General Data Protection Regulation	 - 04 -
Where Article 5,Principles relating to processing of personal data, states:
1.	Personal data shall be:
f)	 processed in a manner that ensures appropriate security of the personal
data, including protection against unauthorised or unlawful processing
and against accidental loss, destruction or damage, using appropriate
technical or organisational measures (‘integrity and confidentiality’).
This clear intent to penalise and discourage offenders will come into force
in less than two years so it’s time to act now.
Some countries have already started work; The Dutch senate passed a
bill in May 2015 to amend their Data Protection Act in anticipation of
and pre-empting the GDPR, moving the Netherlands from having one of
Europe’s weakest enforcement regimes to having one of its strongest.
The regulation will be enforced throughout all 28 member states from
May 2018.
What measures should be taken now?
The Regulation requires organisations of all sizes to adopt a new set of
processes and policies aimed at giving Individuals greater control over
their personal records. Much of this will involve writing new processes and
manuals, retraining staff and updating systems to accommodate these
new procedures. Other steps involve practical measures, such as employing
encryption where data is exposed to risk.
A lost or stolen laptop or USB stick need not lead to a penalty if it has been
encrypted with a validated product. DESlock software has been helping
organisations of all sizes to encrypt laptops, removable media, email and
files for many years. Our products cover all Windows platforms from
XP to Windows 10 and iOS from Version 7 and up. Our software is built
upon a FIPS 140-2 level 1 validated cryptographic subsystem and our key
management system and unique management server are the subject of
worldwide patents.
Contact ESET in your region or your ESET Reseller for more information, to
arrange a product demo or for trial software.
One of the key principles of the GDPR, as stated in Article 5, is ensuring
appropriate security for personal data. And as stated in Article 32, Security
of processing, encryption is an appropriate technical measure to achieve
this. Where encryption is used as a technical measure it must be possible
to restore it promptly after an incident and records must be kept to prove
that systems are both secure and recoverable.
DESlock Encryption by ESET is designed to tackle these requirements in a
simple and effective manner.
Quick guide to the EU General Data Protection Regulation	 - 05 -
Objective DESlock Encryption by ESET
Secure data at rest within
the organisation
All commercial versions of DESlock Encryption
include file, folder and removable media
encryption as standard to secure data at the
endpoint.
Secure data in transit DESlock+ Pro includes full-disk and removable
media encryption for USB drives and optical media
to secure data on the move
Secure data for mobile /
home working practices
Commercial DESlock Encryption licences extend
to a second installation on a privately-owned PC.
Beyond this, DESlock+ Go adds portable encryption
to any USB storage device.
Secure transfer of data
between locations
All versions of DESlock Encryption include an
Outlook plug-in, clipboard encryption compatible
with all mail clients including webmail, and
attachment encryption for any system. optical
media encryption allows the safe transfer of data
stored on CD or DVD.
Block / Limit access to
certain data
Unique, patented key-sharing technology make
it simple to deploy and manage complex, multi-
layered teams and workgroups.
Allow access to secure
data when requested.
The DESlock+ Enterprise Server is designed for
remote user management via a secure internet
connection. Keys may be centrally distributed and
withdrawn rapidly.
Secure safe storage of
personal data
DESlock Encryption is FIPS-140-2 validated and
uses reliable, approved and secure industry
standard encryption algorithms and methods.
Secure destruction of
redundant data
The DESlock+ Desktop Shredder tool securely
deletes data to the DoD-5220.22-M standard
ensuring that it is completely unrecoverable.
Further Information
How ESET can help with GDPR
https://encryption.eset.com/
Reform of EU data protection rules
http://ec.europa.eu/justice/data-protection/reform/
Regulation (EU) 2016/679 of the European Parliament
and of the Council
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679
Learn more at encryption.eset.com
ESET, spol. s r.o.
Aupark Tower, 16th Floor
Einsteinova 24, 851 01 Bratislava
Slovak Republic
TRY DESLOCK ENCRYPTION FOR FREE

More Related Content

What's hot

New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
 
Gdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoGdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoKeithBudden3
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRIT Governance Ltd
 
SCCE Processors and GDPR
SCCE Processors and GDPRSCCE Processors and GDPR
SCCE Processors and GDPRRobert Bond
 
EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer IT Governance Ltd
 
Datum DPO outsourced May 2016
Datum DPO outsourced May 2016Datum DPO outsourced May 2016
Datum DPO outsourced May 2016Mark Honeyball
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationCognizant
 
[CB19] Applicability of GDPR and APPI to international companies and the impa...
[CB19] Applicability of GDPR and APPI to international companies and the impa...[CB19] Applicability of GDPR and APPI to international companies and the impa...
[CB19] Applicability of GDPR and APPI to international companies and the impa...CODE BLUE
 
Factsheet data protection_en
Factsheet data protection_enFactsheet data protection_en
Factsheet data protection_enGreg Sterling
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRIT Governance Ltd
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT LegalCyber Watching
 
GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018Marjane Moghimi, ERP
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection RegulationRamiro Cid
 

What's hot (20)

New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
 
Gdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoGdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seo
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-Overview
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
 
SCCE Processors and GDPR
SCCE Processors and GDPRSCCE Processors and GDPR
SCCE Processors and GDPR
 
EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer
 
Datum DPO outsourced May 2016
Datum DPO outsourced May 2016Datum DPO outsourced May 2016
Datum DPO outsourced May 2016
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
 
[CB19] Applicability of GDPR and APPI to international companies and the impa...
[CB19] Applicability of GDPR and APPI to international companies and the impa...[CB19] Applicability of GDPR and APPI to international companies and the impa...
[CB19] Applicability of GDPR and APPI to international companies and the impa...
 
Factsheet data protection_en
Factsheet data protection_enFactsheet data protection_en
Factsheet data protection_en
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPR
 
GDPR 101
GDPR 101 GDPR 101
GDPR 101
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
ESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection RegulationESET Quick Guide to the EU General Data Protection Regulation
ESET Quick Guide to the EU General Data Protection Regulation
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
 
GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018GDPR will be the new regulation on may 2018
GDPR will be the new regulation on may 2018
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection Regulation
 

Similar to Quick guide to EU GDPR data protection rules

General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary Compliance3
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessMark Baker
 
The new data privacy regulation framework
The new data privacy regulation framework The new data privacy regulation framework
The new data privacy regulation framework Thiebaut Devergranne
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
20131009 aon security breach legislation
20131009 aon security breach legislation20131009 aon security breach legislation
20131009 aon security breach legislationJos Dumortier
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regimeijtsrd
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
 
The Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiThe Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiKrowdthink
 
EU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart MeteringEU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart Meteringnuances
 
EY General Data Protection Regulation: Are you ready?
EY General Data Protection Regulation: Are you ready?EY General Data Protection Regulation: Are you ready?
EY General Data Protection Regulation: Are you ready?VYTIS MALECKAS
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paperGraeme Cross
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationIBM Security
 
GDPR - The new era of data protection
GDPR - The new era of data protectionGDPR - The new era of data protection
GDPR - The new era of data protectionInterlogica
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Lumension
 
GDPR: Are you Ready?
GDPR: Are you Ready?GDPR: Are you Ready?
GDPR: Are you Ready?EngageHub
 

Similar to Quick guide to EU GDPR data protection rules (20)

General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
The new data privacy regulation framework
The new data privacy regulation framework The new data privacy regulation framework
The new data privacy regulation framework
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
20131009 aon security breach legislation
20131009 aon security breach legislation20131009 aon security breach legislation
20131009 aon security breach legislation
 
Are you compliant?
Are you compliant?Are you compliant?
Are you compliant?
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regime
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
 
EU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh NetworksEU Data Protection Regulation Skyhigh Networks
EU Data Protection Regulation Skyhigh Networks
 
euregs
euregseuregs
euregs
 
The Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiThe Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech Wiewiorowski
 
EU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart MeteringEU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart Metering
 
GDPR SECURITY ISSUES
GDPR SECURITY ISSUESGDPR SECURITY ISSUES
GDPR SECURITY ISSUES
 
EY General Data Protection Regulation: Are you ready?
EY General Data Protection Regulation: Are you ready?EY General Data Protection Regulation: Are you ready?
EY General Data Protection Regulation: Are you ready?
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paper
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity Legislation
 
GDPR - The new era of data protection
GDPR - The new era of data protectionGDPR - The new era of data protection
GDPR - The new era of data protection
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?
 
GDPR: Are you Ready?
GDPR: Are you Ready?GDPR: Are you Ready?
GDPR: Are you Ready?
 

More from Miguel Mello

Backbase omni channel banking report
Backbase omni channel banking reportBackbase omni channel banking report
Backbase omni channel banking reportMiguel Mello
 
Digital Transformation Iniciative
Digital Transformation IniciativeDigital Transformation Iniciative
Digital Transformation IniciativeMiguel Mello
 
Estudo IDC Microsoft - RGPD
Estudo IDC Microsoft - RGPDEstudo IDC Microsoft - RGPD
Estudo IDC Microsoft - RGPDMiguel Mello
 
Accenture: The Future of Fintech and Banking
Accenture: The Future of Fintech and BankingAccenture: The Future of Fintech and Banking
Accenture: The Future of Fintech and BankingMiguel Mello
 
Microsoft Azure and the EU GDPR
Microsoft Azure and the EU GDPRMicrosoft Azure and the EU GDPR
Microsoft Azure and the EU GDPRMiguel Mello
 
5 steps to enhance customer experience with iot analytics
5 steps to enhance customer experience with iot analytics5 steps to enhance customer experience with iot analytics
5 steps to enhance customer experience with iot analyticsMiguel Mello
 
Marketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Marketing Analytics Meets Artificial Intelligence: Six Strategies for SuccessMarketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Marketing Analytics Meets Artificial Intelligence: Six Strategies for SuccessMiguel Mello
 
Beginning your GDPR journey
Beginning your GDPR journeyBeginning your GDPR journey
Beginning your GDPR journeyMiguel Mello
 
Research insights - state of network security
Research insights - state of network securityResearch insights - state of network security
Research insights - state of network securityMiguel Mello
 
10 Things Banks Should be Doing in 2018
10 Things Banks Should be Doing in 201810 Things Banks Should be Doing in 2018
10 Things Banks Should be Doing in 2018Miguel Mello
 
Digital transformation and customer care
Digital transformation and customer careDigital transformation and customer care
Digital transformation and customer careMiguel Mello
 
Let's Celebrate Life
Let's Celebrate LifeLet's Celebrate Life
Let's Celebrate LifeMiguel Mello
 

More from Miguel Mello (15)

Palestra Cidades
Palestra CidadesPalestra Cidades
Palestra Cidades
 
Backbase omni channel banking report
Backbase omni channel banking reportBackbase omni channel banking report
Backbase omni channel banking report
 
Digital Transformation Iniciative
Digital Transformation IniciativeDigital Transformation Iniciative
Digital Transformation Iniciative
 
Estudo IDC Microsoft - RGPD
Estudo IDC Microsoft - RGPDEstudo IDC Microsoft - RGPD
Estudo IDC Microsoft - RGPD
 
Accenture: The Future of Fintech and Banking
Accenture: The Future of Fintech and BankingAccenture: The Future of Fintech and Banking
Accenture: The Future of Fintech and Banking
 
Microsoft Azure and the EU GDPR
Microsoft Azure and the EU GDPRMicrosoft Azure and the EU GDPR
Microsoft Azure and the EU GDPR
 
5 steps to enhance customer experience with iot analytics
5 steps to enhance customer experience with iot analytics5 steps to enhance customer experience with iot analytics
5 steps to enhance customer experience with iot analytics
 
BOON TECH
BOON TECHBOON TECH
BOON TECH
 
GDPR Compliance
GDPR ComplianceGDPR Compliance
GDPR Compliance
 
Marketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Marketing Analytics Meets Artificial Intelligence: Six Strategies for SuccessMarketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Marketing Analytics Meets Artificial Intelligence: Six Strategies for Success
 
Beginning your GDPR journey
Beginning your GDPR journeyBeginning your GDPR journey
Beginning your GDPR journey
 
Research insights - state of network security
Research insights - state of network securityResearch insights - state of network security
Research insights - state of network security
 
10 Things Banks Should be Doing in 2018
10 Things Banks Should be Doing in 201810 Things Banks Should be Doing in 2018
10 Things Banks Should be Doing in 2018
 
Digital transformation and customer care
Digital transformation and customer careDigital transformation and customer care
Digital transformation and customer care
 
Let's Celebrate Life
Let's Celebrate LifeLet's Celebrate Life
Let's Celebrate Life
 

Recently uploaded

Decoding Movie Sentiments: Analyzing Reviews with Data Analysis model
Decoding Movie Sentiments: Analyzing Reviews with Data Analysis modelDecoding Movie Sentiments: Analyzing Reviews with Data Analysis model
Decoding Movie Sentiments: Analyzing Reviews with Data Analysis modelBoston Institute of Analytics
 
Rithik Kumar Singh codealpha pythohn.pdf
Rithik Kumar Singh codealpha pythohn.pdfRithik Kumar Singh codealpha pythohn.pdf
Rithik Kumar Singh codealpha pythohn.pdfrahulyadav957181
 
Principles and Practices of Data Visualization
Principles and Practices of Data VisualizationPrinciples and Practices of Data Visualization
Principles and Practices of Data VisualizationKianJazayeri1
 
Non Text Magic Studio Magic Design for Presentations L&P.pdf
Non Text Magic Studio Magic Design for Presentations L&P.pdfNon Text Magic Studio Magic Design for Presentations L&P.pdf
Non Text Magic Studio Magic Design for Presentations L&P.pdfPratikPatil591646
 
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptxmodul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptxaleedritatuxx
 
Digital Marketing Plan, how digital marketing works
Digital Marketing Plan, how digital marketing worksDigital Marketing Plan, how digital marketing works
Digital Marketing Plan, how digital marketing worksdeepakthakur548787
 
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...Boston Institute of Analytics
 
IBEF report on the Insurance market in India
IBEF report on the Insurance market in IndiaIBEF report on the Insurance market in India
IBEF report on the Insurance market in IndiaManalVerma4
 
Bank Loan Approval Analysis: A Comprehensive Data Analysis Project
Bank Loan Approval Analysis: A Comprehensive Data Analysis ProjectBank Loan Approval Analysis: A Comprehensive Data Analysis Project
Bank Loan Approval Analysis: A Comprehensive Data Analysis ProjectBoston Institute of Analytics
 
Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Cathrine Wilhelmsen
 
Introduction to Mongo DB-open-­‐source, high-­‐performance, document-­‐orient...
Introduction to Mongo DB-open-­‐source, high-­‐performance, document-­‐orient...Introduction to Mongo DB-open-­‐source, high-­‐performance, document-­‐orient...
Introduction to Mongo DB-open-­‐source, high-­‐performance, document-­‐orient...boychatmate1
 
Statistics For Management by Richard I. Levin 8ed.pdf
Statistics For Management by Richard I. Levin 8ed.pdfStatistics For Management by Richard I. Levin 8ed.pdf
Statistics For Management by Richard I. Levin 8ed.pdfnikeshsingh56
 
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024Susanna-Assunta Sansone
 
World Economic Forum Metaverse Ecosystem By Utpal Chakraborty.pdf
World Economic Forum Metaverse Ecosystem By Utpal Chakraborty.pdfWorld Economic Forum Metaverse Ecosystem By Utpal Chakraborty.pdf
World Economic Forum Metaverse Ecosystem By Utpal Chakraborty.pdfsimulationsindia
 
Decoding Patterns: Customer Churn Prediction Data Analysis Project
Decoding Patterns: Customer Churn Prediction Data Analysis ProjectDecoding Patterns: Customer Churn Prediction Data Analysis Project
Decoding Patterns: Customer Churn Prediction Data Analysis ProjectBoston Institute of Analytics
 
Digital Indonesia Report 2024 by We Are Social .pdf
Digital Indonesia Report 2024 by We Are Social .pdfDigital Indonesia Report 2024 by We Are Social .pdf
Digital Indonesia Report 2024 by We Are Social .pdfNicoChristianSunaryo
 
Data Analysis Project Presentation: Unveiling Your Ideal Customer, Bank Custo...
Data Analysis Project Presentation: Unveiling Your Ideal Customer, Bank Custo...Data Analysis Project Presentation: Unveiling Your Ideal Customer, Bank Custo...
Data Analysis Project Presentation: Unveiling Your Ideal Customer, Bank Custo...Boston Institute of Analytics
 
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...Jack Cole
 

Recently uploaded (20)

Decoding Movie Sentiments: Analyzing Reviews with Data Analysis model
Decoding Movie Sentiments: Analyzing Reviews with Data Analysis modelDecoding Movie Sentiments: Analyzing Reviews with Data Analysis model
Decoding Movie Sentiments: Analyzing Reviews with Data Analysis model
 
Rithik Kumar Singh codealpha pythohn.pdf
Rithik Kumar Singh codealpha pythohn.pdfRithik Kumar Singh codealpha pythohn.pdf
Rithik Kumar Singh codealpha pythohn.pdf
 
Principles and Practices of Data Visualization
Principles and Practices of Data VisualizationPrinciples and Practices of Data Visualization
Principles and Practices of Data Visualization
 
Non Text Magic Studio Magic Design for Presentations L&P.pdf
Non Text Magic Studio Magic Design for Presentations L&P.pdfNon Text Magic Studio Magic Design for Presentations L&P.pdf
Non Text Magic Studio Magic Design for Presentations L&P.pdf
 
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptxmodul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
 
Digital Marketing Plan, how digital marketing works
Digital Marketing Plan, how digital marketing worksDigital Marketing Plan, how digital marketing works
Digital Marketing Plan, how digital marketing works
 
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
 
IBEF report on the Insurance market in India
IBEF report on the Insurance market in IndiaIBEF report on the Insurance market in India
IBEF report on the Insurance market in India
 
Bank Loan Approval Analysis: A Comprehensive Data Analysis Project
Bank Loan Approval Analysis: A Comprehensive Data Analysis ProjectBank Loan Approval Analysis: A Comprehensive Data Analysis Project
Bank Loan Approval Analysis: A Comprehensive Data Analysis Project
 
Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)Data Factory in Microsoft Fabric (MsBIP #82)
Data Factory in Microsoft Fabric (MsBIP #82)
 
Data Analysis Project: Stroke Prediction
Data Analysis Project: Stroke PredictionData Analysis Project: Stroke Prediction
Data Analysis Project: Stroke Prediction
 
Insurance Churn Prediction Data Analysis Project
Insurance Churn Prediction Data Analysis ProjectInsurance Churn Prediction Data Analysis Project
Insurance Churn Prediction Data Analysis Project
 
Introduction to Mongo DB-open-­‐source, high-­‐performance, document-­‐orient...
Introduction to Mongo DB-open-­‐source, high-­‐performance, document-­‐orient...Introduction to Mongo DB-open-­‐source, high-­‐performance, document-­‐orient...
Introduction to Mongo DB-open-­‐source, high-­‐performance, document-­‐orient...
 
Statistics For Management by Richard I. Levin 8ed.pdf
Statistics For Management by Richard I. Levin 8ed.pdfStatistics For Management by Richard I. Levin 8ed.pdf
Statistics For Management by Richard I. Levin 8ed.pdf
 
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
 
World Economic Forum Metaverse Ecosystem By Utpal Chakraborty.pdf
World Economic Forum Metaverse Ecosystem By Utpal Chakraborty.pdfWorld Economic Forum Metaverse Ecosystem By Utpal Chakraborty.pdf
World Economic Forum Metaverse Ecosystem By Utpal Chakraborty.pdf
 
Decoding Patterns: Customer Churn Prediction Data Analysis Project
Decoding Patterns: Customer Churn Prediction Data Analysis ProjectDecoding Patterns: Customer Churn Prediction Data Analysis Project
Decoding Patterns: Customer Churn Prediction Data Analysis Project
 
Digital Indonesia Report 2024 by We Are Social .pdf
Digital Indonesia Report 2024 by We Are Social .pdfDigital Indonesia Report 2024 by We Are Social .pdf
Digital Indonesia Report 2024 by We Are Social .pdf
 
Data Analysis Project Presentation: Unveiling Your Ideal Customer, Bank Custo...
Data Analysis Project Presentation: Unveiling Your Ideal Customer, Bank Custo...Data Analysis Project Presentation: Unveiling Your Ideal Customer, Bank Custo...
Data Analysis Project Presentation: Unveiling Your Ideal Customer, Bank Custo...
 
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
 

Quick guide to EU GDPR data protection rules

  • 1. Quick guide to the EU General Data Protection Regulation
  • 2. Quick guide to the EU General Data Protection Regulation - 01 - The General Data Protection Regulation (GDPR) replaces the EU’s 1995 Data Protection Directive 95/46/EC. The GDPR has been developed to strengthen and unify online privacy rights and data protection for individuals within the European Union (EU) while streamlining the data protection obligations of businesses serving EU citizens through a single Regulation instead of 28 different National laws. On 8 April 2016 the Council adopted the GDPR and an associated Directive. And on 14 April 2016 the Regulation and the Directive were adopted by the European Parliament. On 4 May 2016, the official texts of the Regulation and the Directive were published in the Official Journal of the European Union. The Regulation will apply from 25 May 2018. The 28 EU Member States have implemented the 1995 rules differently, making it difficult and costly for EU businesses to operate across internal borders and considerable gross differences in enforcement. It is estimated that the elimination of this fragmentation will lead to savings for businesses of around €2.3 billion a year across the European Union. What are the changes? Key changes in the reform include1 : • The right to know when one’s data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk and communicate to the data subject all high risk breaches as soon as possible so that users can take appropriate measures. • Stronger enforcement of the rules: data protection authorities will be able to fine companies who do not comply with EU rules up to 4% of their global annual turnover. Administrative fines are not mandatory and if imposed must be decided in each individual case and must be effective, proportionate and dissuasive. • One continent, one law: a single, pan-European law for data protection, replacing the current patchwork of national laws. Companies will deal with one law, not 28. The benefits are estimated at €2.3 billion per year. • Organisations must notify the national authority of serious data breaches as soon as possible (if feasible within 24 hours). • EU rules must apply if personal data is handled abroad by companies that are active in the EU market and their goods and services (including free goods and services) to EU citizens, or if these organizations monitor the behavior of individuals in the EU. • Data protection by design and by default: ‘data protection by design’ and ‘data protection by default’ are now essential elements in EU data protection rules. Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm. 1 Press Release Summary: http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm
  • 3. Quick guide to the EU General Data Protection Regulation - 02 - By strengthening data protection the EU is making it mandatory for businesses to adequately protect sensitive personal data, defined as: “any information relating to an identified or identifiable natural person hereinafter referred to as ‘data subject’; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity;”2 This broad definition of personal data easily covers the simplest records that relate, even indirectly, to customers, clients, staff, pupils and any other record relating to an individual. 2 REGULATION (EC) No 45/2001: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2001.008.01.0001.01.ENG What does the Regulation say about protecting data? Article 32, Security of processing states3 : 1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: a) the pseudonymisation and encryption of personal data; b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Encryption is the easiest and safest way to secure data as required by Article 32 of the GDPR. The technology is an established means of protecting information which is vulnerable to theft or loss. The GDPR also makes the case for effective disaster recovery plans, password recovery and key management systems. Article 30 of the Regulation3 requires that records must be kept, including a general description of the technical and organizational security measures taken, as referred to in Article 32, meaning that organisations need records and proof that systems are secure and that encrypted data is recoverable after a technical incident. 3 Text of the Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679from=EN
  • 4. Quick guide to the EU General Data Protection Regulation - 03 - What are the data breach-notification rules? Article 333 requires notification of a personal data breach to the supervisory authority and states that in the case of a personal data breach, the supervisory authority must be notified, where feasible, not later than 72 hours after the organization in question becomes aware of the breach. Any notification beyond 72 hours must be accompanied by a reasoned justification for the delay. Article 34³ refers to the communication of a personal data breach to the data subject and states that: 1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay. However, it goes on to state that: 3. The communication to the data subject referred to in paragraph 1 shall not be required if any of the following conditions are met: a) the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption; b) the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in paragraph 1 is no longer likely to materialise; c) it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner. Studies have shown that the later a data breach is reported the more damaging are the consequences to the organisation in question. Again, it is clear that encryption is considered a sufficient safeguard to preclude this and the consequences for corporate reputation. How does the Regulation discourage offenders? Article 83, General conditions for imposing administrative fines – point 44 : 4. Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: a) the obligations of the controller and the processor pursuant to Articles 8, 11, 25 to 39 and 42 and 43; Thus covering articles regarding breach notification rules – Article 33 and Article 34, and point five of Article 83 further states: 5. Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: a) the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9; 4 Text of the Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679from=EN
  • 5. Quick guide to the EU General Data Protection Regulation - 04 - Where Article 5,Principles relating to processing of personal data, states: 1. Personal data shall be: f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). This clear intent to penalise and discourage offenders will come into force in less than two years so it’s time to act now. Some countries have already started work; The Dutch senate passed a bill in May 2015 to amend their Data Protection Act in anticipation of and pre-empting the GDPR, moving the Netherlands from having one of Europe’s weakest enforcement regimes to having one of its strongest. The regulation will be enforced throughout all 28 member states from May 2018. What measures should be taken now? The Regulation requires organisations of all sizes to adopt a new set of processes and policies aimed at giving Individuals greater control over their personal records. Much of this will involve writing new processes and manuals, retraining staff and updating systems to accommodate these new procedures. Other steps involve practical measures, such as employing encryption where data is exposed to risk. A lost or stolen laptop or USB stick need not lead to a penalty if it has been encrypted with a validated product. DESlock software has been helping organisations of all sizes to encrypt laptops, removable media, email and files for many years. Our products cover all Windows platforms from XP to Windows 10 and iOS from Version 7 and up. Our software is built upon a FIPS 140-2 level 1 validated cryptographic subsystem and our key management system and unique management server are the subject of worldwide patents. Contact ESET in your region or your ESET Reseller for more information, to arrange a product demo or for trial software. One of the key principles of the GDPR, as stated in Article 5, is ensuring appropriate security for personal data. And as stated in Article 32, Security of processing, encryption is an appropriate technical measure to achieve this. Where encryption is used as a technical measure it must be possible to restore it promptly after an incident and records must be kept to prove that systems are both secure and recoverable. DESlock Encryption by ESET is designed to tackle these requirements in a simple and effective manner.
  • 6. Quick guide to the EU General Data Protection Regulation - 05 - Objective DESlock Encryption by ESET Secure data at rest within the organisation All commercial versions of DESlock Encryption include file, folder and removable media encryption as standard to secure data at the endpoint. Secure data in transit DESlock+ Pro includes full-disk and removable media encryption for USB drives and optical media to secure data on the move Secure data for mobile / home working practices Commercial DESlock Encryption licences extend to a second installation on a privately-owned PC. Beyond this, DESlock+ Go adds portable encryption to any USB storage device. Secure transfer of data between locations All versions of DESlock Encryption include an Outlook plug-in, clipboard encryption compatible with all mail clients including webmail, and attachment encryption for any system. optical media encryption allows the safe transfer of data stored on CD or DVD. Block / Limit access to certain data Unique, patented key-sharing technology make it simple to deploy and manage complex, multi- layered teams and workgroups. Allow access to secure data when requested. The DESlock+ Enterprise Server is designed for remote user management via a secure internet connection. Keys may be centrally distributed and withdrawn rapidly. Secure safe storage of personal data DESlock Encryption is FIPS-140-2 validated and uses reliable, approved and secure industry standard encryption algorithms and methods. Secure destruction of redundant data The DESlock+ Desktop Shredder tool securely deletes data to the DoD-5220.22-M standard ensuring that it is completely unrecoverable. Further Information How ESET can help with GDPR https://encryption.eset.com/ Reform of EU data protection rules http://ec.europa.eu/justice/data-protection/reform/ Regulation (EU) 2016/679 of the European Parliament and of the Council http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679
  • 7. Learn more at encryption.eset.com ESET, spol. s r.o. Aupark Tower, 16th Floor Einsteinova 24, 851 01 Bratislava Slovak Republic TRY DESLOCK ENCRYPTION FOR FREE