Tresorit at #InfoSec18

This year, we were invited to speak at Europe’s number one information security event: Infosecurity Europe. It featured several hundred exhibitors showcasing security solutions and a myriad of workshops, roundtables and tech talks for those with interest in the latest trends in information security.

The workshop I spoke at was organized by the Cloud Security Alliance (CSA) and discussed how to achieve GDPR Compliance with the CSA Code of Conduct. Dr. Paolo Balboni, Founder of ICT Legal Consulting, gave a comprehensive overview of GDPR requirements for data controllers and processors in the cloud, while Daniele Catteddu, Chief Technology Officer at CSA, dove into the details of their Code of Conduct for GDPR. My role was to walk the audience through a real-world scenario of how to adopt the code and reach GDPR compliance. I thought I would share my experience and the key takeaways of the workshop.

Even though the long-awaited GDPR deadline has passed, it is apparent that companies are still figuring out how to comply with the new data protection rules. The issue that seems to interest companies the most is who bears the responsibility for data breaches if data is further processed by a third party, a cloud provider for example. There are several other questions that arise as well, and the interpretation of the rules causes headaches for many. It is probably going to be a long learning process and could take several months if not years for companies to become fully compliant with the GDPR.

To give a quick background, the European Union adopted the General Data Protection Regulation (GDPR) to harmonize rules that govern the protection of personal data across Member States. This new data protection regime significantly changes the way companies handle personal data of their customers, employees, or business partners. It requires them to adopt organizational and technical measures to ensure the proper protection of personal data. What’s more, it applies not only to companies established in the EU, but to any organization that processes personal data of individuals who are in the EU to offer them goods or services, or to monitor their behavior.

The GDPR went into effect on May 25. This means that businesses now risk being caught for not complying with the new rules any day. If you haven’t started taking steps or you are still on your journey towards compliance, it’s never too late to switch to GDPR-compliant data management with Tresorit.

During the workshop, I explained how Tresorit’s end-to-end encryption and other privacy by design features can help businesses manage data securely online. Tresorit’s end-to-end encryption helps to ensure the integrity and confidentiality of data, protects against confidentiality and integrity data breaches and can save the costs of data breach notifications and potential fines. Tresorit also has a wide range of security features to help businesses adopt internal policies and implement measures which meet the principles of data protection by design and data protection by default. We have collected several mini case studies to give real-life examples of how these features can help avoid data breaches which could entail hefty fines and seriously damage a company’s reputation.

Interested to know more about how Tresorit can help you manage data in a GDPR-compliant way? Visit our GDPR resources page or download our e-book.

About the author

Szilveszter is the co-founder and CIO of Tresorit, and is responsible for the smooth functioning of IT operations, compliance and business intelligence. Szilveszter is a Computer Engineer by education and has won several programming competitions (ACM, ImagineCup). He is also a problem writer for and participant in computer science competitions such as “Challenge 24”. Previously, Szilveszter was a lecturer of Programming at Budapest University of Technology and Economics.

The materials available on this website are for informational purposes only and do not constitute legal advice. To obtain advice with respect to a particular issue, you should contact your attorney.
