It’s been two years since the European Unions’ data privacy legislation took effect. The agency responsible for enforcing the requirements of the General Data Protection Regulations (GDPR) has been busy. Since 2018, there have been hundreds of fines issued to businesses including global giants such as Google and Facebook. In all, fines levied on companies for failing to meet GDPR compliance requirements totaled more than €114 million (or roughly $126 million) by February 2020.
The start of this year hasn’t been kind to business owners and executives. Remaining GDPR compliant became a lot more complex once workforces had to start working from home for extended periods. While productivity tools, connection protocols and adequate hardware took priority to keep systems safe and staff operational, physical security should be on the agenda going forward.
There are also looming changes in the GDPR landscape and new case law to take into account. Regulators believe the fines already levied haven’t had the required effect on organisations and will be pushing for harsher penalties in the coming year. Additionally, data transfer between using standard contract clauses still hasn’t been resolved. The Schrems II case is nearing conclusion and should provide clarity around these contentious issues.
Changes in the GDPR Compliance Landscape
Ensuring you and your organisation remain GDPR compliant in the coming years will require extending data security protections to every workstation, including those at home. Global events dictate that everyone who works with information from any location will have to implement physical and digital security measures to protect sensitive data.
What’s New in GDPR and Data-Privacy Legislation
While the second anniversary of GDPR is May 25, it is no longer the only data-protection regulations you should consider. Legislation from other parts of the world is catching up with the EU’s hardline approach. Some new data-privacy laws to take into account include:
- Brazil’s LGPD – Brazil’s data privacy laws came into effect in February 2020, Brazil’s LGPD unifies over 40 different statutes and clarifies legislation that seemed to contradict each other to protect data privacy. Even if you are GDPR compliant, you’ll need to understand the new legislation’s additional requirements like the mandatory appointment of a Data Protection Officer (DPO).
- California’s CCPA – Passed in June 2018, the state’s Consumer Privacy Act has many things in common with GDPR, although it doesn’t stipulate reporting breaches within the 72-hour window its European counterpart requires. However, it may enforce heavier fines for contraventions, as much as $7,500 for every record involved in a breach.
- India’s DPB – In India, the legislature is set to vote on a Personal Data Protection Bill to govern all collection, storage, processing, usage, transfer, protection and disclosure of personal data for its citizens. Once again, the legislation follows the GDPR requirements but has additional provisions you’ll need to consider. User consent will have to be specific to the data the organization collects, the purpose for collection, and request additional permissions for subsequent processing.
Canada and Australia also have proposed laws on the books. As data security laws continue to get more stringent over time, both executives and employees will have to take the necessary steps to protect sensitive information at all times.
It’s concerning that only one in three organisations have physical security policies in place while 25% of breaches in the financial sector were due to a lost or stolen device. Considering GDPR fines can run as high as €20 million or 4% of a company’s global annual turnover, ensuring the physical security of all employee hardware is vital for ensuring compliance.
Physical Security Solutions that Support GDPR Compliance
Securing company information and hardware outside of the office presents a challenge to everyone. You may find yourself working from home for the first time or you could be the person responsible for reducing the attack surface created by remote workers in your organisation.
Some organisations may be involved in the global effort to capture, process and analyze personal information about the COVID-19 pandemic. All the information flowing in and out of corporate networks remains subject to legislation and you should keep it secure both digitally and physically at all times. To protect sensitive information and hardware, consider these three measures for your physical IT security policy at all working locations.
1. Screen Privacy
Part of good data hygiene in the office is enforcing lock screen policies. When someone steps away from a desk, the information on the screen won’t be readable to anyone until the user returns. For environments outside the office, you’ll also want to use privacy screen filters. These products can narrow the field of vision on monitors to ±30°, helping protect sensitive information from prying eyes. It reduces the chance of a visual data breach while also filtering out harmful rays and preventing eye strain from blue light.
With options available for laptops, monitors and tablets, features of Kensington privacy screen filters include:
- Easy installation using magnetic attachments, frameless tabs or double-sided tape
- Comes with low-reflective coatings to reduce glare
- Reversible views with matte and glossy effects
- Protects screens from dust, scratches and damage
2. Physical Locks
Preventing device theft and the associated data-loss or breach should be a priority outside the office. Securing computers at home or in public spaces is possible with device locks that suit the model or manufacturer. To decide on what product security and device locks you’ll need, conduct a risk assessment and select devices that suit any environment.
These systems can help you secure devices to a rigid structure, mount them in different environments and secure your peripherals as required. Kensington created the laptop lock more than 25 years ago. We engineer and test every lock according to stringent specifications to ensure security, compatibility, and reliability. Options include:
- Portable locks with self-coiling carbon steel cable, ideal for the mobile user commuting between their home, office and remote workplaces.
- Keyed and combination locks to provide a suitable solution no matter the organisation’s or individual user’s preference.
- Locks designed to fit different types of security slots, including traditional T-Bar™, wedge-shaped, and Nano solutions.
3. Advanced Access Control
Access control remains important. Even if you use your own devices for your remote work, you’ll want to secure business applications with enhanced protection. Using a VeriMark™ Fingerprint Key can provide a convenient and secure way to control access to critical business information. Using a USB-based biometric system to improve access control can help you secure data in any external environment.
Securing Information and Improving GDPR Compliance with Kensington
To secure information and improve compliance measures with an increased attack surface, companies will need to improve both physical and digital controls. Kensington has put together a complete guide of products that support GDPR compliance measures for any work environment.
If you need to improve your data security while working at home, at the office or switching in between, check our whitepaper on GDPR compliance and physical security solutions.