Two years have passed since the Europe-wide data protection rules came into force. The first court decisions have been handed down and the first sanctions imposed. Time to take stock: what has changed for companies since the EU-GDPR was introduced, which fears have come true, and how does Password Safe contribute to better data protection compliance?
2020 as the “Year of Audits”
For some it reflects Europe’s pioneering role, for others it is simply a bureaucratic monster: the General Data Protection Regulation (GDPR) turns two on 25 May 2020. Nevertheless, it caught many people unprepared and left them with open questions: “How do I implement this clause in practice in my company? When can I be fined?” An initial stocktaking shows that companies still have a lot of catching up to do, which is also reflected in the number of infringements recorded so far: in 2019, 187 fines were imposed in Germany alone for data protection violations. The feared avalanche of warning letters, however, has not materialised.
Conclusion EU-GDPR: Utopian Ideal or Inevitable Measure?
The EU-GDPR remains difficult to implement, especially for small and medium-sized enterprises and associations, because the same framework applies to them as to large corporations. A further hurdle is that data must not only be processed in accordance with the rules, but above all this compliance must be demonstrably documented. Departments such as HR, sales and marketing, which handle personal data every day, face this and other challenges. One thing is certain: the GDPR and its requirements must not slow down digital transformation in Europe, or important innovators will move abroad. Nevertheless, the GDPR’s intentions can also be seen positively: it has the potential to grow from a European standard into a worldwide one, even if a few stumbling blocks in terms of time and cost still have to be cleared on the way to that goal.
Article 32: How to overcome EU-GDPR hurdles with Password Safe
Below we show how Password Safe supports the “security of processing” of personal data that Article 32 requires, paragraph by paragraph.
Paragraph 1
a) How are personal data pseudonymised and encrypted?
Data in Password Safe is protected by end-to-end encryption (AES-256, RSA-4096, TLS 1.3), so that it is encrypted both at rest and in transit.
b) How are the ongoing confidentiality, integrity, availability and resilience of the processing systems ensured?
Thanks to its stateless multi-tier architecture, Password Safe is highly available and highly scalable. Audit-proof logging via the data history makes every change to data traceable, so that manipulation does not go undetected.
c) How is access to data restored promptly in the event of an incident?
Even in an emergency, data remains current and accessible with Password Safe: via live backups, an emergency WebViewer and the OfflineClient, as well as compatibility with external backup systems.
d) How is the effectiveness of the measures regularly tested, assessed and evaluated?
All actions in Password Safe are logged, and individual reports can be generated from these logs. For security audits, restricted user accounts with external data access can be created for the auditors.
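Article 32(1)(a) names pseudonymisation and encryption as two separate measures, and it helps to see how they differ in practice. The following Go program is an added, generic illustration and is not Password Safe’s own code: it replaces a direct identifier (an e-mail address) with a keyed HMAC-SHA256 pseudonym, encrypts the remaining payload with AES-256-GCM, and binds the ciphertext to the pseudonym via the GCM additional data so that a record cannot be silently re-attached to another person. The two keys, the record contents and the function names are constructed for the example; the pseudonymisation key is the “additional information” the GDPR says must be kept separately, and in a real deployment both keys would live in a KMS or a password safe rather than in the source.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Pseudonymise replaces a direct identifier with a keyed HMAC-SHA256 token.
// The token is deterministic, so records can still be joined on it, but without
// the secret key it cannot be linked back to the person. The key is the
// "additional information" (GDPR Art. 4(5)) that must be stored separately.
func Pseudonymise(pseudoKey []byte, identifier string) string {
	mac := hmac.New(sha256.New, pseudoKey)
	mac.Write([]byte(identifier))
	return hex.EncodeToString(mac.Sum(nil))
}

// Encrypt seals plaintext with AES-256-GCM. The random 12-byte nonce is
// prepended to the ciphertext; aad is authenticated but not encrypted.
func Encrypt(encKey, plaintext, aad []byte) ([]byte, error) {
	if len(encKey) != 32 {
		return nil, errors.New("encKey must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt reverses Encrypt and fails if ciphertext, tag or aad were altered.
func Decrypt(encKey, sealed, aad []byte) ([]byte, error) {
	if len(encKey) != 32 {
		return nil, errors.New("encKey must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// ProtectedRecord is what the processing system stores: no direct identifier,
// and the sensitive payload only as authenticated ciphertext.
type ProtectedRecord struct {
	Pseudonym string
	Sealed    []byte
}

// Protect pseudonymises the identifier and encrypts the payload, using the
// pseudonym as GCM additional data so the two cannot be recombined arbitrarily.
func Protect(pseudoKey, encKey []byte, identifier, payload string) (ProtectedRecord, error) {
	p := Pseudonymise(pseudoKey, identifier)
	sealed, err := Encrypt(encKey, []byte(payload), []byte(p))
	if err != nil {
		return ProtectedRecord{}, err
	}
	return ProtectedRecord{Pseudonym: p, Sealed: sealed}, nil
}

// Reveal decrypts the payload of a protected record.
func Reveal(encKey []byte, r ProtectedRecord) (string, error) {
	pt, err := Decrypt(encKey, r.Sealed, []byte(r.Pseudonym))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	// Constructed demo keys (32 bytes each); real keys come from crypto/rand.
	pseudoKey := []byte("demo-pseudonymisation-key-32byte")
	encKey := []byte("demo-aes-256-encryption-key-32by")

	rec, err := Protect(pseudoKey, encKey, "alice@example.com", "salary=4200;dept=HR")
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored: pseudonym=%s ciphertext=%x\n", rec.Pseudonym, rec.Sealed)

	payload, err := Reveal(encKey, rec)
	fmt.Printf("revealed: %q err=%v\n", payload, err)

	// Flipping one ciphertext byte is detected by the GCM authentication tag.
	rec.Sealed[len(rec.Sealed)-1] ^= 0x01
	_, err = Reveal(encKey, rec)
	fmt.Printf("after tampering: err=%v\n", err)
}
```

The point worth noticing is the split of responsibilities: whoever holds only the pseudonymised table sees neither identities nor payloads, whoever holds only the pseudonymisation key can re-identify but not read payloads, and any bit flip in a stored record, or an attempt to move a ciphertext under another pseudonym, is rejected on decryption rather than silently accepted.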
Paragraph 2
How is the unauthorised destruction, alteration or loss of data prevented?
Thanks to the rights-protected data history, all data can be viewed and restored at any time. Visual protection prevents unauthorised persons from seeing passwords on screen. Additional safeguards such as the multiple-eye principle ensure that access to data must first be approved by another person.
Paragraph 3
How is uniform processing in line with a code of conduct ensured?
A rights system allows the company structure to be mapped in detail, giving flexible control over users. Rights templates can be created and rules of conduct defined, so that data is processed uniformly according to the company’s code of conduct.
Paragraph 4
What steps can be taken to ensure that employees process data only on instruction?
In Password Safe, access authorisations can be granted and revoked manually, also for a limited time. The seal function means that access to sealed data must first be released by another authorised person.
Would you like to find out more about how Password Safe can be used in accordance with Article 32 of the EU-GDPR?
Read our white paper!
Here you will find more information on our GDPR commitment.