The General Data Protection Regulation (GDPR) came into force on the 25th of May 2018 and applies to all companies that process personal data of people living in the EU. From large corporations to small businesses, organisations must be GDPR compliant or face fines for breaches of data protection. Depending on the size of the company, the fines can be up to EUR 20 million or 4% of the global turnover of the infringer, whichever is higher.


Realising the importance of the GDPR and its global scope (it also applies to non-EU organisations processing personal data of EU residents), many companies based in and outside the EU have embedded comprehensive GDPR compliance in their processes. However, many of them still underestimate the importance of secure communication channels.

Even the United Nations (UN) learned the importance of secure communication the hard way. During the conflict in Bosnia, insecure UN messages were intercepted by one of the parties to the conflict and used for planning military attacks. Shortly afterwards, the UN started using secure communications to prevent such incidents.


In the context of the GDPR, the lack of secure communication may allow third parties (e.g., hackers) to gain unauthorised access to personal data processed by an organisation. The stolen data may be used to commit identity theft and other illegal acts. To prevent unauthorised access to personal data, Article 32 of the GDPR requires organisations processing personal data to “implement appropriate technical and organisational measures”, including, but not limited to, encryption of personal data.

Appropriate Technical and Organisational Measures

The term “appropriate technical and organisational measures” is broad and not explicitly defined, although Article 32 lists a few exemplary measures. This means that, in case of an investigation, the data protection authorities of the EU countries will have full discretion as to what constitutes an appropriate measure within the meaning of the GDPR. Hence, organisations wishing to comply with the GDPR need to have evidence that can be used to persuade the data protection authorities that appropriate technical and organisational measures have been taken.

The evidence may include the use of messaging applications relying on end-to-end encryption. Such applications are particularly suitable for proving GDPR compliance because the exemplary measures in the GDPR include “encryption of personal data.”


To avoid claims that a messaging application is not an appropriate technical measure for GDPR compliance, it is necessary to use messaging applications with strong encryption algorithms. FortKnoxster, for example, uses military-grade encryption which makes the unauthorised decryption of encrypted messages virtually impossible. Another advantage of FortKnoxster is that all messages are verified for message authenticity and integrity to avoid tampering.
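The passage above makes two distinct claims: that messages are encrypted, and that they are verified for authenticity and integrity so that tampering is detected. The following Go program is an added example (written for this page, not FortKnoxster's own code, whose internals are not described here) that shows why the second property matters: it uses AES-256-GCM, an authenticated-encryption mode from Go's standard library, and demonstrates that flipping a single bit of the ciphertext, or presenting the message under different associated data, causes decryption to be rejected rather than silently yielding corrupted personal data. The key, the sample message and the associated-data string are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Seal encrypts and authenticates plaintext with AES-256-GCM.
// Output layout: nonce || ciphertext || 16-byte authentication tag.
// aad (additional authenticated data) is not encrypted but is covered by
// the tag, so routing metadata such as sender/recipient cannot be swapped.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // 12 bytes for standard GCM
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce slice we pass as dst.
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open verifies the tag over nonce, ciphertext and aad, then decrypts.
// Any modification to those inputs makes Open return an error and no plaintext.
func Open(key, msg, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("message too short to contain nonce and tag")
	}
	nonce, ct := msg[:aead.NonceSize()], msg[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// TamperDetected copies msg, flips one bit in the first ciphertext byte
// (index 12, just past the 12-byte nonce) and reports whether Open rejects it.
func TamperDetected(key, msg, aad []byte) bool {
	if len(msg) <= 12 {
		return false
	}
	tampered := append([]byte(nil), msg...)
	tampered[12] ^= 0x01
	_, err := Open(key, tampered, aad)
	return err != nil
}

func main() {
	// Constructed demo values: a fixed key and a message containing personal data.
	key := make([]byte, 32)
	for i := range key {
		key[i] = byte(i)
	}
	aad := []byte("sender=alice;recipient=bob")
	plaintext := []byte("Invoice 4711 for Jane Doe, DOB 1980-01-01")

	msg, err := Seal(key, plaintext, aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d bytes of plaintext into %d bytes\n", len(plaintext), len(msg))

	pt, err := Open(key, msg, aad)
	fmt.Printf("genuine message opens: err=%v, plaintext=%q\n", err, pt)
	fmt.Printf("one flipped bit detected: %v\n", TamperDetected(key, msg, aad))
	_, err = Open(key, msg, []byte("sender=mallory;recipient=bob"))
	fmt.Printf("swapped metadata rejected: %v\n", err != nil)
}
```

The point for a compliance discussion is that "encryption" alone is not the measure that prevents tampering; it is the authentication tag checked on receipt. A scheme that encrypts without authenticating would decrypt the flipped-bit message into garbage without any error, which is exactly the outcome Article 32's integrity requirement is meant to rule out.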

Importance of End-to-End Encryption

End-to-end encrypted messaging applications may not only facilitate GDPR compliance, but also reduce the compliance costs associated with it. An organisation that develops its own end-to-end encrypted messaging application will incur substantial costs for software development and testing. The fees for using ready-made messaging applications like FortKnoxster constitute just a small fraction of those costs.

It is worth mentioning that, although one can find many free-of-charge messaging applications that claim to use end-to-end encryption, it is preferable to use paid applications. This is because most free applications base their revenue models on using some data of their users. They may sell or otherwise transfer such data to undefined third parties, or use the data to generate customised advertisement banners. This may complicate GDPR compliance, as the GDPR requires a clear understanding of the flows of personal data within and outside the organisation concerned.

In conclusion, end-to-end encrypted messaging applications allow organisations to ensure and prove GDPR compliance at a reasonable cost, thereby reducing the risk of fines and reputational damage resulting from non-compliance with the GDPR.

About FortKnoxster

With FortKnoxster Transfer you can share documents or sensitive information securely through your favourite app or email; our solution provides the security and peace of mind you need to share information.

If you are looking to protect your online privacy and secure your communications online, FortKnoxster Messenger is the right choice; it now protects the communications of over 60 thousand users.

Request your 7 day FREE trial, NO CREDIT CARD NEEDED.