As the first GDPR summons is issued, how will you protect your firm from a similar fate?
Four months after the European Union’s ground-breaking General Data Protection Regulation (GDPR) came into force, the first-ever formal GDPR notice has been served. The target is AggregateIQ: a company that had ties to controversial consulting firm Cambridge Analytica (which closed its doors earlier this year).
“With the action being taken against AggregateIQ, the GDPR directives have suddenly jumped off the paper and become a real-world reality,” notes Anton Jacobsz, managing director at Networks Unlimited, a value-added distributor representing Thales eSecurity solutions in Africa.
A whistleblower quoted on news site ITPro.com claims that AggregateIQ used data obtained by Cambridge Analytica to create mobile apps and disseminate information that furthered the interests of certain political movements. It could now face fines of up to EUR 20 million or up to four percent of annual turnover.
At its core, the GDPR modernises data protection laws in Europe, unifying fragmented data privacy and protection laws, and demanding that organisations be highly disciplined when handling customer data.
It’s a powerful and far-reaching piece of legislation, as even companies not based in the European Union are forced to comply (if, for instance, they have customers who are EU citizens, or if they are providing a service to an EU-based company).
“As the first company faces the wrath of the GDPR, others are realising that they are currently out of line with the requirements of the legislation,” says Jacobsz. “They’re vulnerable to data breaches and to the legal repercussions that could follow.”
In fact, the same news article makes the startling point that up to two-thirds of European firms are still not fulfilling some of the GDPR’s key conditions.
“Companies need to find ways to swiftly bring themselves into line with GDPR, with technology solutions that can be easily deployed, and quickly close the gaps,” he says, adding that Networks Unlimited is continually scanning the horizon to find its clients the best solutions to ensure they remain compliant and secure.
“Thales has emerged as one of the strongest players in this field, with advanced data encryption and key management strategies that are purpose-built for today’s era, characterised by cloud computing and big data.”
He says Thales goes a long way towards achieving total enterprise security and complying with laws such as the GDPR and South Africa’s Protection of Personal Information Act.
Advanced data encryption
As companies scramble to comply with GDPR, Thales allows organisations to encrypt databases, file systems and even connected objects. It also gives them the confidence to scale out massive data-sets in the quest to better understand their customers and provide personalised services.
“From one central location, companies of every size can define security policies and compliance mandates across all of their databases, files, and big data nodes,” explains Jacobsz.
The offering is underpinned by the Vormetric Data Security Platform (which secures data-at-rest across the entire organisation), to which several modules can be added to fit the unique needs of an organisation and work with its existing security architecture. These modules include:
- Vormetric Data Security Manager: centralising encryption key and policy management, reducing the complexity normally associated with deploying and running data security, and ensuring key and policy management is done by two different security administrators.
- Vormetric Transparent Encryption: enabling data-at-rest encryption, privileged user access control and the collection of security intelligence logs without re-engineering applications, databases or infrastructure.
- Vormetric Key Management: consolidating enterprise encryption key management to ensure high-availability, standards-based key management for ‘transparent database encryption, KMIP-compliant devices, while also offering vaulting and inventory of certificates’.
- Vormetric Application Encryption: perfect for cases requiring field-level encryption in database, big data, PaaS or other applications. It’s an application encryption library (enabling you to integrate application-level encryption into existing corporate systems) containing standards-based APIs for performing cryptographic and encryption key management operations.
- Vormetric Vaultless Tokenization with Dynamic Data Masking: making it easy to use format-preserving tokenisation to protect sensitive fields in databases – and supporting both random-token and crypto-token generation.
- Vormetric Cloud Encryption Gateway: safeguarding files in any cloud storage environment you may be using by encrypting sensitive data before it’s saved to the cloud.
- Vormetric Security Intelligence: giving you comprehensive security event logs that can be easily integrated with your existing security information and event management systems and automatically producing compliance and security reports.