25 Oct 2017


How data encryption could save you from hefty GDPR fines

The General Data Protection Regulation (GDPR), which replaces an outdated directive created in 1995, was approved in April 2016, and EU businesses must comply with it by May 2018.

GDPR is a new data protection standard governing the collection of EU citizens’ personal data, protecting people from privacy and data breaches in an increasingly data-driven world. Failing to meet the GDPR standard by May 2018 could result in huge fines (up to €20,000,000 or 4% of annual turnover, whichever is the greater). It is therefore imperative that you review your data protection schemes in preparation for GDPR compliance.

The regulation recommends pseudonymisation and encryption as two methods that can be used to protect personally identifiable information and help meet the new standard.

Data encryption prevents unauthorised parties from reading data, by translating plaintext data into another form – ciphertext. The encrypted data can only be accessed with a decryption key.

IBM found in their Cost of a Data Breach 2017 report that encryption is one of the most effective and important factors in reducing data breach costs. The average cost per lost or stolen record in the UK is estimated at £98, and an extensive encryption scheme alone can save approximately £11 per record. Data encryption is an efficient method for reducing data breaches and their cost.

Portable and transferable data or devices face a greater risk of data breaches. There are a number of ways business systems could benefit from encryption:

  1. Email – secure email solutions employ encryption to secure the contents of email in the transmission process and whilst sitting in a mailbox.
  2. File transfers – it is important to use transfer systems such as AirDrop, WeTransfer and Dropbox that use encryption when your files are being transferred.
  3. Individual files – file-by-file encryption provides security on a required basis and can be done yourself.
  4. Removable data devices – memory sticks and other portable storage devices are susceptible to theft or loss. Encryption of the data on these devices would reduce the loss and fortunately, many devices come with encryption. 
  5. Hard drives – a hard drive is a memory device that permanently stores and retrieves data on a computer and can be encrypted to reduce the loss of this data. 
  6. Laptops – laptops are easy to lose and can easily be stolen. By ensuring that the data on them is unreadable, you can limit your potential loss.

With an effective encryption scheme in place that takes all portable and transferable data into consideration, you will be meeting the needs of insurance companies for a Cyber Liability policy and protecting your clients’ personal data, whilst also meeting the GDPR standard.

Champion Insurance Brokers provide Cyber Liability packages for varying sizes of businesses in the Greater Manchester area and work with a number of specialist providers who offer comprehensive cyber cover, including analysis of your current exposure and valuable support services to get your business back on track after a cyber-attack or data breach.

If you want to learn more about GDPR or how to protect your business against the threat of data breaches, please contact us on 03330 430 430 or info@champion-insurance.co.uk.
