The European Union’s General Data Protection Regulation (GDPR) is meant to give its citizens better control and visibility into where their data resides and how it’s being used. Non-compliance fines are expected to range as high as 10 million Euros—that’s enough to focus the attention of every company in the world that does business with EU citizens!
In this archived webinar, “A No-Nonsense Approach to Tackling GDPR with Encryption and Key Management,” encryption and key management experts from Fornetix and Cyphre got together for a one-hour deep dive into understanding exactly what every organization needs to put in place to comply with GDPR requirements.
In this session, Chuck White, CTO of Fornetix, and Ben Collins, Vice President of Engineering at Cyphre, a RigNet company, demonstrate that tackling GDPR doesn’t have to be hard. Their conversation starts by identifying who needs to meet the requirements, then moves on to useful information on what steps companies should take to protect personally identifiable information (PII) utilizing encryption and key orchestration.
The discussion also covers how to put controls in place to know what information is protected for an individual, where that information resides (data stores, databases, backups), and how to establish a data-centric encryption posture. The conversation includes many salient issues involved in developing a privacy program with documented procedural and technical controls that align with existing security processes and guidelines. Technology can be applied to encrypt, hash, or tokenize information associated with PII, with encryption-based controls reflecting the organizational policy for data retention. Governance, as prescribed by GDPR, makes it essential to associate Cryptographic Managed Objects with Encrypted Information and an individual’s information. Encryption keys must be generated, registered, distributed, stored, and managed.
Since effective encryption and key orchestration help meet regulations while maintaining a heightened security posture, the discussion covers how technique, technology, and planning come together in outstanding orchestration and active governance, which is critical to address provenance, composition, and disposition of individual PII data. To make encryption a valid technology for GDPR compliance, the rules and policies associated with the use of encryption must align with the requirements for PII Data Protection, including the ability to remove information.
To learn the inside scoop on how to create Privacy By Design that meets the challenges of GDPR compliance, please view this wide-ranging and highly informative session.