How to face a fine for data loss? Just one thing
It imposes heavy fines for the loss of an unsecured disk containing sensitive data. Yet so little is enough to prevent risks.
Recently released statistics from Kingston showed that of all flash drives sold across all brands, only 0.29 percent are variants with so-called hardware encryption. Yet, since the General Data Protection Regulation came into force on May 25, the loss of an unsecured flash drive containing sensitive data can result in hefty fines.
While the new regulation does not specify exactly how institutions and companies should secure their portable storage devices, it does list pseudonymisation or encryption as some of the possible safeguards for personal data.
"It is astonishing how little companies acknowledge the problem that lies in unprotected flash drives. Yet in Western Europe, corporate awareness in this area is at a completely different level. The percentage of sales of secure drives in these countries is almost in double digits," said Marcin Gaczor of Kingston.
The trouble starts the moment such an unsecured flash drive or external drive with personal data is lost. According to the GDPR, institutions must report any such loss. And fines, and hefty ones at that, will follow for such misconduct. If the drives are hardware encrypted, their possible loss may not be reportable. The Regulation literally mentions that voluntary use of encrypted drives may exempt companies from "the obligation to report, for example, a personal data breach of a data subject."
According to Gaczor, purchasing an encrypted flash drive is the simplest activity that institutions, companies, and even freelancers can do to secure sensitive data. "The advantage of hardware encrypted flash drives is clear, you never forget to encrypt the data, it is automatically taken care of by the chip inside the flash drive," he concluded.
We have colleagues in our team who specialize in the field of data encryption. If you're not sure how to secure your data or network, don't hesitate to contact them. They are ready to secure your data as well.