Data Security for EU Data Protection Directive
The Data Protection Directive (Directive 95/46/EC) is a European Union (EU) regulatory framework that aims to protect the privacy of personal data within the EU. Adopted in 1995, the directive is not directly applicable law: each EU member state had to transpose its rules into national legislation.
Compliance with the directive is monitored by a supervisory authority in each EU member state, and violations may result in judicial remedies, compensation to the individuals affected, or fines. In January 2012, the European Commission proposed a reform of the directive (a draft General Data Protection Regulation) to strengthen protection for individuals online. Under the proposed rules, companies would have to notify the supervisory authority of a security breach that puts personal data at risk, where feasible within 24 hours of becoming aware of it.
The directive says little about data security. Article 17 requires the data controller to implement "appropriate technical and organizational measures" to protect personal data against accidental or unlawful destruction, accidental loss, alteration, and unauthorized disclosure or access, with "appropriate" judged against the state of the art, the cost of implementation, the risks of the processing and the nature of the data. It prescribes no specific controls.
One way to demonstrate sound security and stewardship is encryption. Encrypting personal data and keeping the cryptographic keys in a separate, access-controlled vault renders the data unintelligible to anyone who obtains only the data store, which is the basis on which organizations claim "safe harbor" for encrypted data (the 2012 proposal, for example, exempted controllers from notifying affected individuals where the breached data had been rendered unintelligible to unauthorized persons). The practical test is whether an attacker who copies the database, its backups or its disks also gets the keys: keys stored alongside the data, or reachable from the compromised host, give no such protection and support no such claim.
Gazzang zNcrypt™ can be deployed quickly and economically to meet the data privacy and security requirements of the Data Protection Directive. Using AES-256 encryption, key management kept separate from the encrypted data, and process-based access controls that restrict which processes may read cleartext, zNcrypt provides transparent data encryption for any database or application running on Linux, including big data environments.
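The encrypt-and-separate-the-keys model described in the two paragraphs above, as an added example written for this page: it is not Gazzang's zNcrypt or zTrustee code, whose internals are not shown here. It assumes an in-memory Vault standing in for the external key store, a fresh per-record data-encryption key (DEK) used with AES-256-GCM, that DEK wrapped under the vault's key-encryption key (KEK), and the record ID bound as associated data; the sample record is constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record is what the data store holds; every byte is ciphertext, useless without the vault's KEK.
type Record struct {
	ID         string
	Nonce      []byte // GCM nonce for the field ciphertext
	Ciphertext []byte // AES-256-GCM(DEK, field)
	WrapNonce  []byte // GCM nonce for the wrapped DEK
	WrappedDEK []byte // AES-256-GCM(KEK, DEK): the per-record key, wrapped
}

// Vault stands in for the separate key store (an HSM or key service in production); the KEK never leaves it.
type Vault struct{ kek []byte }

func NewVault() (*Vault, error) {
	kek := make([]byte, 32) // 256-bit key-encryption key
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	return &Vault{kek: kek}, nil
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts under a fresh random nonce, binding the record ID as associated data (no record swapping).
func sealGCM(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, aad), nil
}

func openGCM(key, nonce, ct, aad []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, aad)
}

// Encrypt: fresh per-record DEK for the field, DEK wrapped under the KEK; only the wrapped DEK is stored.
func Encrypt(v *Vault, id string, field []byte) (Record, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return Record{}, err
	}
	n, ct, err := sealGCM(dek, field, []byte(id))
	if err != nil {
		return Record{}, err
	}
	wn, wdek, err := sealGCM(v.kek, dek, []byte(id))
	if err != nil {
		return Record{}, err
	}
	return Record{ID: id, Nonce: n, Ciphertext: ct, WrapNonce: wn, WrappedDEK: wdek}, nil
}

// Decrypt unwraps the DEK via the vault; a stolen store, another KEK, a moved or a tampered record all fail.
func Decrypt(v *Vault, r Record) ([]byte, error) {
	dek, err := openGCM(v.kek, r.WrapNonce, r.WrappedDEK, []byte(r.ID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK (wrong KEK or tampered record): %w", err)
	}
	pt, err := openGCM(dek, r.Nonce, r.Ciphertext, []byte(r.ID))
	if err != nil {
		return nil, fmt.Errorf("open field: %w", err)
	}
	return pt, nil
}

func main() {
	vault, _ := NewVault()
	rec, _ := Encrypt(vault, "customer/42", []byte("Anna Example, DOB 1980-01-01")) // constructed sample PII
	pt, err := Decrypt(vault, rec)
	fmt.Printf("with vault:  %q err=%v\n", pt, err)
	other, _ := NewVault() // an attacker who copied the data store but not the vault
	_, err = Decrypt(other, rec)
	fmt.Println("wrong vault:", err)
}
```

What running it shows: a copy of the Record, which is all a stolen database or backup contains, decrypts only through the vault that holds the KEK; any other key, a record moved to a different ID, or a modified byte fails GCM authentication rather than yielding garbage. The "safe harbor" argument therefore rests entirely on the KEK staying out of the attacker's reach, so the vault's own access controls and audit logs are part of the evidence. Zeroing the KEK makes every record wrapped under it unreadable at once, which is how encrypted data can be retired without scrubbing disks.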
Sending PII via email is risky for both the sender and the receiver, especially when the transmission is not encrypted. In addition to securing zNcrypt keys, Gazzang zTrustee™ allows organizations to transfer sensitive data securely to authorized parties, provided the transfer itself is permitted under the directive (transfers to countries outside the EU, for example, are subject to its adequacy rules). The solution enforces a broad range of policies for object authorization, expiration, revocation and retrieval limits, with detailed logging and reporting on all activity associated with these policies.