The General Data Protection Regulation (GDPR) of 2018 applies to all businesses that collect any data from customers or clients in the European Economic Area (EEA).
GDPR Article 32 specifically requires implementing technical measures to ensure data security, and calls for encryption of personal data as well as mechanisms to restore data availability in the event of a technical or physical incident.
Encyro helps you meet GDPR Article 32 requirements through:
- access control
- multi-location encrypted backup
- activity logs, including account-level activity logs available to you for audit
- organizational controls within Encyro to ensure that data is protected
More details on our data security safeguards are available here.
Remember that the GDPR also applies to data managed by you outside of Encyro. You may find additional cyber security guidance on our security blog (e.g. to enforce automatic log off on your computers).
Equivalent regulations also exist in the UK and Switzerland.
- The UK Data Protection Act of 2018 implements the GDPR in the UK and requires you to handle customer information in a way that ensures appropriate security, including protection against unlawful or unauthorized processing, access, loss, destruction or damage.
- The Swiss Federal Data Protection Act (DPA) Article 7 and the Data Protection Ordinance (DPO) section 4 require businesses to secure data collected from Swiss nationals.
Using Encyro as part of your data security plan helps you satisfy your regulatory requirements.