The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

What Sub-Metering did for Nissan in Tennessee

When Nissan built its motor manufacturing plant in Smyrna 30 years ago, the 5.9 million square-foot factory employing over 8,000 people was state of art. After the 2005 hurricane season sky-rocketed energy prices, the energy team looked beyond efficient lighting at the more important aspect of utility usage in the plant itself. Let’s examine how they went about sub-metering and what it gained for them.

The Nissan energy team faced three challenges as they began their study. They had a rudimentary high-level data collection system (NEMAC) that was so primitive they had to transfer the data to spread-sheets to analyse it. To compound this, the engineering staff were focused on the priority of getting cars faster through the line. Finally, they faced the daunting task of making modifications to reticulation systems without affecting manufacturing throughput. But where to start?

The energy team chose the route of collaboration with assembly and maintenance people as they began the initial phase of tracking down existing meters and detecting gaps. They installed most additional equipment during normal service outages. Exceptions were treated as minor jobs to be done when convenient. Their next step was to connect the additional meters to their ageing NEMAC, and learn how to use it properly for the first time.

Although this was a cranky solution, it had the advantage of not calling for additional funding which would have caused delays. However operations personnel were concerned that energy-saving shutdowns between shifts and over weekends could cause false starts. ?We’ve already squeezed the lemon dry,? they seemed to say. ?What makes you think there?s more to come??

The energy team had a lucky break when they stumbled into an opportunity to prove their point early into implementation. They spotted a four-hourly power consumption spike they knew was worth examining. They traced this to an air dryer that was set to cyclical operation because it lacked a dew-point sensor. The company recovered the $1,500 this cost to fix, in an amazing 6 weeks.

Suitably encouraged and now supported by the operating and maintenance departments, the Smyrna energy team expanded their project to empower operating staff to adjust production schedules to optimise energy use, and maintenance staff to detect machines that were running without output value. The ongoing savings are significant and levels of shop floor staff motivation are higher.

Let’s leave the final word to the energy team facilitator who says, ?The only disadvantage of sub-metering is that now we can’t imagine doing without it.?

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
ISO in Energy management

Every industry has its own set levels of quality that are considered acceptable or desirable. Energy performance like any other field is governed by some set standards. These differ across regions but international standards do exist.

ISO 50001 is the international energy standard applicable to both large and small organisations irrespective of geographical, cultural or social conditions. It outlines the best energy management practices that are considered to be the best by specifying that an organisation must integrate an energy management system and institute an energy policy, objectives, targets, and action plans taking into account legal requirements and information related to significant energy use. The energy standard is applicable to organisations.

What’s the importance of attaining energy certification?

ISO certification in any industry is a demonstration of quality or that a service or product meets the expected service standards. In energy management, ISO certification is a demonstration that an organisation or company has implemented sustainable energy management systems, completed a baseline of energy use and, is committed to continuously improve its energy performance. In addition, ISO certification assists organisations in the following ways:

? Organisations are able to optimise the existing energy-consuming assets

? Offers guidance on bench-marking, measuring, documenting, and reporting energy intensity improvements and their projected impact on reducing GHG emissions

? Creates transparency and facilitates communication on the management of energy resources

? Promotes energy management best practices and reinforces good energy management behaviours

? Assists facilities in evaluating and prioritising the implementation of new energy-efficient technologies

? Provides a framework for promoting energy efficiency throughout the supply chain

? Facilitates energy management improvements in the context of GHG emission reduction projects: The reduction of carbon emissions means therefore an organisation is able to meet government carbon reduction targets by demonstrating environmental credentials. The accruing benefits are many, ranging from increased investor confidence to more tender opportunities

Energy management software plays a vital role in helping organisations comply with energy standards through improved performance across the various functions in an organisation.

ESOS Guide for UK Manufacturers Available

The Engineering Employers’ Federation (EEF) is the UK’s largest sectoral structure. Its goal is to promote the interests of manufacturing, engineering and technology-based businesses in order to enhance their competitiveness.

EEF has positioned itself in London and Brussels in order to be in a position to lobby at EU and Westminster level. Part of its role is helping its members adapt to change and capitalise on it. When it discovered that a third of UK manufacturers must comply with ESOS (and 49% had not even heard of it) EEF decided it was time to publish a handbook for its members.

According to EEF’s head of climate and environment policy Gareth Stace, For the many manufacturers that have already taken significant steps to improve energy efficiency, ESOS can be viewed as a ?stock taking exercise?, ensuring that momentum is maintained and new measures are highlighted and taken when possible?.

He goes on to add that others that have not begun the process should view it as an ‘impetus’ to go head down and find the most cost-effective ways to slash energy costs. Ecovaro adds that they would also have the opportunity to reduce carbon emissions almost as a by-product.

Firms with more than 250 employees, over 250 million revenue or both must comply with ESOS across all UK sectors. In simplest terms, they must have conducted an energy audit by 5th December 2015, and logged their energy saving plan with the Environmental Agency that is Britain?s sustainability watchdog.

The Department of Energy & Climate Change (DEEC) that oversees it believes that large UK businesses are wasting ?2.8 billion a year on electricity they do not need. Clearly it makes sense to focus on larger targets; however EcoVaro believes those halfway to the threshold should voluntarily comply if cutting their energy bills by 25% sounds appealing.

We are able to assist with interpreting their energy audits. These are often a matter of installing sub-meters at distribution points, and reading these for a few representative months to establish a trend. Meters are inexpensive compared to electricity costs, and maintenance teams can install them during maintenance shutdowns.

Ecovaro helps these firms process the data into manageable summaries using cloud-based technology. This is on a pay-when-used basis, and hence considerably cheaper than acquiring the software, or appointing a consultant.

Ready to work with Denizon?

Contact Us Today