What is GDPR in Europe and how can it impact non-EU businesses?
General Data Protection Regulation (GDPR) is rapidly approaching, organizations need to get their compliance practices in place or face some pretty steep fines. GDPR is the new regulation to protect EU citizens’ personal data, replacing the current directive from 1995 and establishing a single set of rules across the European Union. GDPR outlines a set of obligations organizations have with respect to data encryption and storage, handling personal data as well as record keeping and breach notification. Failure to meet those obligations can be costly, with fines ranging up to €20 million, or 4% of a company’s total worldwide sales, whichever is greater.
Non-European companies don’t escape the reach of GDPR. By having even a single European customer a non-EU based company is required to meet the GDPR requirements.
USB Data Loss Risk
One area that has potential to be overlooked in the technical implementation of GDPR requirements is USB and removable media. Removable media accessed through USB is an extremely convenient and reliable way to easily transfer data. However, as was recently highlighted with the Heathrow Airport USB leak, a single lost USB drive can have serious consequences for your organization. Fold GDPR into the mix and that thumbdrive containing customer data accidentally dropped in a parking lot or left in a taxi can have extreme financial consequences.
How can secRMM Help?
Implementing a DLP solution such as secRMM can be a key piece of technology to address the GDPR requirements that impact USB and removable media. First, secRMM provides the ability to restrict the copying of specific files or folders to USB mounted devices. This can be a mechanism to ensure the only specific data is permitted to be copied to removable storage. The second is encryption. Using secRMM you can ensure that the only connected USB devices are corporate approved encrypted thumbdrives. Lastly, secRMM has extensive auditing capabilities. GDPR has stringent record keeping requirements, using secRMM you will have extremely detailed audit logs capturing details of files transferred to storage, the type of device transferred to as well as which user and computer facilitated the transfer.
GDPR is coming quickly and will be enforced May, 2018. Take the time now to ensure that USB and removable media are part of your data protection plan.
What to do next?
Contact us to see a demonstration of our solution.
Or watch an overview of the secRMM integration with Microsoft Systems Center.
Or if you’re really impatient, jump right to downloading the trial.