It seems like every other day there’s an article in the news about a company suffering a massive data breach. The recent hacks of the controversial site Ashley Madison have left many customers questioning their online security and privacy, and around the world, governments continue to push for stronger standards to protect users.
If you live in Europe, you’ve no doubt seen something in the news a few times about the European Union’s negotiations regarding the General Data Protection Regulation, formerly known as the General Data Protection Directive. There are a lot of big changes going on with this piece of legislation that will apply to business owners all over Europe, and as the final details are hammered out, it’s time to figure out how your company will adapt.
First of all, let’s look at how this legislation is changing. The wording switch from ‘directive’ to ‘regulation’ is worth noting, because it means the law will be enforced as soon as it goes into effect, rather than implemented at each country’s discretion, as the directive previously was.
The directive, which was implemented in 1995, gave countries a lot of leeway and largely left the extent of its reach up to their local governments, but the regulation that is expected to roll out early next year will be firm and apply to everyone.
As technology applications continue to grow and change, security and full disclosure are becoming a big concern with regard to the data companies keep on their customers. The European Union is adapting the language and content of this bill to ensure that customers and users are aware of the data that companies store about them, and that those companies are taking the proper security measures to protect their privacy.
In an age of information, these massive data breaches are just shy of an epidemic, with millions of people being affected every year. The hope is that with this bill, companies will be held accountable to their customers, and to a higher standard of information security.
Though the final draft has yet to be released, here are a few points that reports from various sources seem to agree on:
- The law will likely only apply to businesses employing over 250 employees and processing over 5,000 records per year.
- It will apply to international businesses operating in Europe as well.
- Businesses will have between 24 and 72 hours to report a security breach to their customers, or face steep penalty fees.
- It’s likely that if the information that is stored is encrypted, businesses will be exempt from the disclosure policy.
This is a massive piece of legislation, and there are definitely a lot more moving parts to it, but these are a few main points that European business owners and international companies could see affecting them in 2016.
It’s going to be really interesting to see how this regulation affects international companies doing business in Europe, and whether these policies deter them from commerce within the jurisdiction of the EU.
On another note, while full disclosure of security breaches to customers is definitely a good thing, there’s no doubt that it can really hurt a company’s reputation for reliability and privacy. If your customers use credit card information to pay for purchases through your business and that information is stolen, it can cause them to take their business elsewhere, to a more secure and dependable company.
If you keep all of your data encrypted though, there’s almost no security risk to your customers even if their information is stolen – it’s completely unreadable, and is essentially a locked safe the hackers don’t have the key to.
With that in mind, it does look like the regulation will have an exemption for disclosure of security breaches if the company keeps their data encrypted, so if you’re running a business or handling transactions anywhere in Europe, this is something you’ll want to take advantage of.
The resultant fines for not disclosing a security breach in the allotted time are steep – starting at about €1 million per day. You can save face and keep your customers’ information safe though, simply by using a VPN coupled with an online backup or cloud storage service.
All of these services typically encrypt your web traffic and your stored files, so that even if your data is intercepted by hackers, it’s completely unreadable to the thief. A VPN is designed to protect your web traffic itself, so that anything handled over internet connections in your business is encoded and secure against infiltration.
If you store customers’ information, check out cloud storage or online backup services that also do end-to-end encryption, and you’ll have all of your bases covered. With stored data and network traffic encrypted, it’s likely you won’t have to disclose a security breach to your customers, since their data won’t actually be at risk.
Typically, with a VPN service for businesses, you want to make sure they give you unlimited bandwidth, great support, and multiple-device compatibility, so that it works fluidly across all the platforms your business uses.
In addition, you want some similar traits from an online backup service. Of course data storage space is key, but make sure they are encrypting your files for the duration of their storage, and that their data centers are completely geo-redundant, so that the information is never lost in the event of a natural disaster.
The General Data Protection Regulation is definitely going to make sure that customers stay informed and aware of the security risks and information-sharing policies of the companies and corporations they choose to share their information with. As a business owner, though, it’s up to you to make sure that when this legislation is implemented, you’re prepared to adapt gracefully.
Ideally a security breach will never happen, but your best insurance against that is going to be encryption, all around. This way, even if your data is hacked, at least the information is still unreadable and secure.
You’re going to find the fastest VPN service with ExpressVPN, and their service is also compatible with all major operating systems, so it’s highly adaptable. When it comes to online backup service, I really prefer iDrive for the best backup security and across the board operating system compatibility.
Start looking into these services now, and prepare to protect your customers’ information – it might just save your company’s reputation.