Lenny Wood of Frama explains what GDPR means for businesses and what they can do to ensure compliance.
What is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU.
The regulation was adopted on 27 April 2016. It enters into application on 25 May 2018 after a two-year transition period, and the Government has confirmed that the United Kingdom’s decision to leave the European Union will not affect the commencement of GDPR.
The GDPR will provide a single legal framework which will apply to all members of the EU, streamlining and hopefully simplifying what is currently a mix of laws for each member country. Directly concerned with the collection, storage and use of personal data, this will impact every business that holds any personal data in any format.
How will it affect your business?
If a business collects, stores or uses personal data, then the GDPR applies and there is now an obligation to comply, with serious penalties for those that do not.
We are confident that most companies will already be looking at how they acquire, store and manage personal and sensitive data. We have found, however, that many organisations are not aware of the risks concerning the transmission of this data between internal employees and external clients.
Are you able to answer the following points?
1. What measures are currently in place for sending sensitive personal/financial data via email?
2. How does your business prove it is compliant in this situation?
Consequences of inaction
Non-compliance may leave you open to substantial fines under the GDPR. Article 83(5)(a) states that infringements of the basic principles for processing personal data, including the conditions for consent, are subject to the highest tier of administrative fines. This could mean a fine of up to €20 million, or 4% of your total worldwide annual turnover, whichever is higher*.
How we can help
The Frama Rmail platform provides a solution to a specific aspect of GDPR compliance, regarding the secure transmission of sensitive personal and financial data.
Frama makes secure email simple and accessible for both your business and your recipients, using ironclad protection.
Frama Rmail uses 256-bit AES encryption with options for secure end-to-end delivery, ensuring that your message will only be read by the intended recipient.
Unlike other encryption services, Frama Rmail provides true direct delivery of your encrypted message and attachments into your recipient’s inbox.
Your recipients will not need to register for an account, open a web browser or otherwise leave their inbox to access your secure message.
If you are required to encrypt personally identifiable information under the GDPR, compliance is only half of the requirement. The other half is legal proof. Your registered receipt record serves as legal proof of compliance and can prove that you have met your obligations should a dispute arise.
For further information or to speak to an email security professional, contact Frama on 01992 451 125 or by email at firstname.lastname@example.org.
*Source: Information Commissioner’s Office, GDPR Guidance