Under the GDPR, organizations must take appropriate measures to protect personal data from unauthorized access, use, disclosure, or destruction. One of the measures that organizations can take is to use encryption and other cryptographic techniques to protect personal data.
Each year, various events within the cybersecurity industry have a significant impact on the industry, leading experts to predict an increase in the frequency and severity of such occurrences in the years ahead. As preparation is preferred over mitigation, awareness of what to anticipate this year and beyond is essential.
Companies who use Amazon Web Services (AWS) often choose to do so because of its scalability, ease of use and lower costs than other services or hosting their own data centers. However, it could bring a challenge for those in the EU who need to remain compliant with Schrems II to protect their data. Here we discuss the compliance challenges facing EU companies using AWS to host data and how Cryptomathic’s Bring Your Own Key (BYOK) Service can provide Schrems II compliance for AWS-hosted data.
Keeping data safe in the Cloud has always been a concern for users, hence the need for encrypting data. With more businesses taking advantage of what the cloud has to offer with cloud-based services, there has been increased focus on who should manage the keys used to encrypt and decrypt data.
This article takes a look at how Cryptomathic’s AWS BYOK Service can provide better control and auditability of key encryption keys for the Amazon Simple Storage Service (Amazon S3).
In this article we will discuss why shortfalls in U.S. President Joe Biden’s recent Executive Order do not meet the requirements of the EU’s Charter of Fundamental Rights.
Much has already been written about EU General Data Protection Regulation (GDPR), which comes into force on 25th May 2018 to protect EU citizens’ personal data. It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location. Unlike EU Directives, GDPR does not require national legislation to enact its provisions, so organizations not in compliance may face fines of up to 4% of annual global turnover or €20 Million (whichever is greater) from day one. The scope of the Regulation is broad, so this article will focus on the important role of encryption and particularly key management in aiding compliance. But first, let’s understand some key concepts and terminology:
