GDPR, Security And Privacy By Design

GDPR’s implications for security and data privacy have been on the security radar for some time now. View GDPR as an opportunity, not an obstacle.

Smartphone and padlock on top of an EU map, representing the level of data protection required to be in compliance with the General Data Protection Regulation (GDPR).

Now more than ever, enterprises are under pressure to think about how data is collected, handled, stored and transmitted. Effective May 2018, an organization failing to meet the General Data Protection Regulation (GDPR) could face fines of up to €10 million. GDPR was intended to strengthen data protection for people within the European Union (EU), and it impacts virtually any entity that has even minimal contact with the EU - knowingly or otherwise. Fortunately, the most competitive security firms have been wrestling with and addressing issues relating to the limiting of access to sensitive customer information and enterprise IP for some time.

Privacy By Design

GDPR calls for systems and products to implement privacy in a more integrated manner than ever before. Let’s look at the example of a company that manages services for customers via email and switchboard. Under the new guidelines, the company may be required to remove all records at a customer’s request. Any organization collecting customer data could be exposed to a future liability if they fail to find and remove all of the data. System developers will need to design with these security regulations in mind. Lou Ruppert, VP of Security Operations at Silent Circle, says “It’s a way of taking privacy issues to a more holistic level. It’s built into business processes from the beginning. This allows companies to show respect for their customers’ security concerns.”

The GDPR will be enforced starting on May 25, 2018; however, it was approved by the EU Parliament on April 14, 2016 after several years of research and preparation. Companies that place the utmost importance on the data privacy of their customers are already providing systems and services that meet or exceed the GDPR. For example, products such as our Silent Phone peer-to-peer calling and messaging application have been private by design since inception.

Respect For Customer Data

Many organizations, including technologically-minded companies, have been victims of widely publicized data breaches. While the frequency of these incidents speaks to the ever-growing threat of cybercrime, it also reveals a certain lack of respect for customer data. It is imperative that enterprises think through the potential ramifications of a potential security breach, and carefully evaluate where data is stored and how it is handled.

Ruppert says, “Enterprises often don’t weigh their decisions carefully with respect to data. People’s lives can be at stake just as much as the company’s bottom line - we work in some highly sensitive industries. As early as 2012, long before the GDPR updates came along, we were tackling data privacy issues. I imagine real world consequences all the time when reviewing the design of a system to discover vulnerabilities and assess their repercussions. By fully grasping the potential ramifications of any failure, you give your work the gravity and importance it deserves.”

Silent Phone excels in that sense, because it gives data owners the ability to practice good data hygiene. The application’s scheduled burn functionality ensures that messages and call records are automatically deleted on both ends. And there’s no email server or voicemail server to be hacked. The enterprise has the full control they need in order to protect both the customer’s data and their own.

Competitive Advantage

Robust data protection is increasingly becoming a differentiator for business competitiveness, and enterprises should view GDPR as an opportunity rather than an obstacle. Organizations seeking to be in compliance will need partners and third-party vendors who are also in compliance in order to avoid penalties. In this way, privacy and data protection actually becomes a competitive advantage.

Silent Circle is committed to protecting your enterprise’s communications and data. Learn more about our award winning products and solutions.