Welcome, GDPR!
While the world’s attention only turned to online privacy after the Snowden revelations, we were skeptical of mainstream service already in 2011. I founded Tresorit together with Szilveszter Szebeni and Gyorgy Szilagyi as we did not trust mainstream cloud services and decided to create a service with privacy at its heart.
At Tresorit, we are committed to protecting our users’ privacy and believe that people and businesses alike should have their right to privacy online just as much as they do offline. That’s why we very much welcome the entry into force of the new European Data Protection Regulation (GDPR). It is a key step towards protecting individuals’ personal data and keeping the right to privacy in mind all the time.
But how does the rest of the world feel about it? In the run up to the GDPR, studies revealing that businesses were far from being ready dominated the headlines. While the numbers differ, all surveys found that the majority of businesses were unprepared for, or unaware of the new data protection rules.
Ready or not, the wait is finally over. As of today, the GDPR is a reality. While there has been a lot of fear-mongering about the GDPR and its hefty fines, I believe that businesses should look at it as an opportunity, not as a threat. Reaching GDPR compliance is a real opportunity for all organizations to enhance the trust of consumers in digital services, and to take significant steps towards better protecting employer, customer, and business data.
Becoming GDPR compliant does not happen overnight though; it requires a lot of organisational and technical measures to come into line with the new rules. One technological measure, recommended by the GDPR, that can help companies to secure personal data in the cloud is encryption.
While the Regulation does not differentiate between different types of encryption technologies, the Article 29 Working Party – which has now transformed into the European Data Protection Board – describes end-to-end-encryption as the strongest guarantee of confidentiality. We very much welcome this recommendation as we have built our service on zero-knowledge, end-to-end encryption to protect information in the cloud from everyone, even from us.
Besides our end-to-end encryption technology, Tresorit also has a wide range of security features to help businesses adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default. And we are proud that we already enable 10,000+ organisations to work and collaborate in the cloud in a GDPR compliant way.
However, encryption does not solve all GDPR requirements alone. It helps businesses worry less about managing data in the cloud but there are many other steps business will have to take in their road to GDPR compliance. And I really hope they will do so. Amid all the data breach scandals hitting the headlines, it’s time to take online privacy seriously and ensure that individuals don’t fall victims of data breaches and abuses any more.