EU Data protection reform and how it affects you
The EU revealed a draft version of its new data protection directive, which is officially known as Directive 95/46/EC. The directive forms part of the EU privacy and human rights laws, and this update will introduce substantial revisions in terms of data protection requirements.
The directive is in place to regulate the ways in which data is stored, accessed and managed and concerns any company doing business with EU citizens.
This means that once the directive is approved, any business that provides goods or services to customers in the EU will need to follow the guidelines laid out in it. This makes it a very important piece of legislation and one that is worth becoming familiar with as soon as possible.
The primary focus of the new directive is on data security – this includes security in the communication of data between business and client as well as the storage of the data and the assurance that it cannot be compromised by any outside parties.
Data can be secured in transit by using strong encryption methods whenever data is sent and received over the Internet. This is already a standard practice amongst most businesses and almost all supported applications that deal with data today operate over secure channels and come with TLS encryption.
This is fine when data is being sent and received but what about data that is in storage?
Data that is stored on company systems may seem to be safe at first glance, but in fact it comes with as many risks as data that is being sent over the Internet. Because most modern IT systems are connected to the Internet, the data stored on them is just as vulnerable as it is when it is transmitted over the Internet.
In addition to data that is stored on company servers there is also a huge risk when data is stored or even accessible via company computers and especially laptops.
The biggest risk is that these end-user devices could be compromised or stolen leaving not only the data on them accessible by the perpetrator but also the data that those devices have access to (such as customer databases).
Preventing internal data breaches with encryption
One of the key parts of the new EU directive that addresses this potential issue revolves around the encryption of sensitive data, regardless of where it is stored.
This requirement is already enforced by many other organisations within the public and private sector such as the finance industry and the healthcare industry and involves using software to encrypt and decrypt data on the fly.
The software prompts the user for a password when they log in to their computer, and this password then decrypts the information that the computer contains.
This type of system tends to keep the entire system encrypted, and not just the data itself. This is beneficial because it means that if the device is compromised then nothing can be accessed whatsoever – this includes any other remote systems that may have been accessible from the device.
Making encryption easy with Sophos Safeguard
There are several options on the market when it comes to encrypting your devices – in fact some versions of the Microsoft Windows operating system have encryption software built in.
However, managing this encryption is difficult, especially when you are working in an enterprise environment and your employees access sensitive data from multiple devices.
Sophos Safeguard makes encryption extremely easy with its intuitive interface. The software leverages built-in encryption systems when available, which provides the highest possible encryption levels whilst also preserving system performance.
In addition Sophos Safeguard is built for the enterprise and allows for the encryption of data seamlessly across all platforms and devices. This means that wherever the data travels – from PC to mobile device and even into the cloud, it can be encrypted and managed safely and securely.
For more information on the EU data protection reform, how to protect your business and Sophos products please contact JPS Solutions today.