5 things you should know about the EU Data Protection Regulation (even if you’re not from the EU)

Tags: Corporate, Enduser, Security Tips, Data loss prevention, Encryption, EU, EU Data Protection Regulation, SafeGuard

If you haven’t heard about it by now, it’s time you learned more about the upcoming EU Data Protection Regulation, which applies to anyone collecting or processing personal data on people in the European Union, wherever the organisation itself is based.

What does the regulation say about your responsibilities to protect personal data? Here are five things you need to know about the regulation and what you need to do to get compliant.

1. The EU is currently finalizing the new Data Protection Regulation and it will likely become law this year.

The European Parliament voted in favor of the proposed regulation by an overwhelming majority in March 2014. The regulation still needs to go through further steps before it becomes law. However, based on the near-unanimous support so far, it is widely anticipated that it will be adopted in 2015.

2. Everyone who holds data on people in the EU is affected, even if you’re not located in the EU.

The proposed legislation will require everyone who processes personal data on individuals in the EU (the text speaks of data subjects in the Union, so residents, not only citizens) to implement appropriate security measures to protect that data and to have a clear data protection policy. Personal data includes names, photos, email addresses, bank details, posts on social networks, medical information and even a computer’s IP address.

If you do business with customers in Europe, that means you need to comply!

3. Fines for non-compliance could cost millions.

Under the proposed legislation, non-compliance (for example, suffering a breach of personal data you failed to protect adequately) can attract fines of up to €100 million or 5% of annual worldwide turnover, whichever is greater. On top of that you will have to notify the supervisory authority and, where the breach is likely to harm them, the affected individuals, with all the associated costs and loss of reputation.

4. Encryption is the best way to secure personal data.

Encryption is widely agreed to be the best data security measure available, because it renders the data unintelligible to unauthorised parties if a laptop, backup or database is lost or stolen. That protection only holds if the key is not lost along with the data: an encrypted disk whose key sits in a file beside it, or a database whose key is in the same dump, is not meaningfully protected.

If you can show that the personal data was encrypted (and the key was not compromised), the likelihood of being fined as a result of a breach should be greatly reduced, and under the proposal you would not need to notify the affected individuals, although the supervisory authority still has to be told.

5. Lots of businesses aren’t ready yet, but you can reduce your compliance risk.

Take our 60-second compliance check to see if you are at risk from the proposed regulation – plus, learn how to secure your data and avoid breaches. Download our free whitepaper and sample data protection policy to get started, and visit our resources page to see how Sophos can help.
