The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

The Future is Smarter with a Smart Meter

Traditionally, electricity and water meter consumption was measured via analogue meters. Utility billing was based on actual consumption units obtained from the meter by meter readers. This entailed physical visits to the metering point. Lots of challenges came with meter reading; talk of customers feeling their privacy is intruded, meter readers encountering hostile customers, dogs, closed gates. The result was estimated bills that were most often than not very high.

Smart meters can be dubbed as the ?next generation? type of meters. Smart meters send wireless electronic meter readings to one?s energy supplier automatically. There are both gas smart meters and electricity smart meters. Smart meters come with in-home displays, which give someone real-time feedback on their energy usage and the associated cost.

Smart meters communicate meter readings directly to utility companies therefore no one has to come to your home to read your meter; and neither are you required to submit meter readings yourself. This not only reduces costs, but leads to more accurate electricity bills practically eliminating estimated bills. Smart meters signal the end of estimated bills, and the end of overpaying or underpaying for energy.

Whereas a smart meter in itself does not save you money, the add-ons (in-home displays) that come with the smart meters and which give someone real-time feedback on their energy usage helps them to reduce the unnecessary energy use and this ultimately leads to better oversight into how to lower utility bills hence better management of one?s energy use.

In summary, a smart meter is a technology that enables energy consumers to see their energy as they use it, a technology where energy is displayed as it is being used and wireless ratings sent. Adoption of smart meters would mean the end of estimated energy bills.

Smart meters are also promising a smart future where all energy consuming devices can be connected to the internet and centrally controlled using computers or smartphones. This means one is able to switch off lights and other energy consuming devices from a central point, hence make savings and this will enable them to have greater control of their energy use, hence more comfort, convenience and life will be cheaper for all. This is the smarter future we are all looking forward to.

Key Steps to Complying with ESOS

Energy Savings Opportunity Scheme has already been launched. In fact, it is by now in its initial phase. However, many businesses are still not aware of the new scheme, especially those who are covered by the qualifications for ESOS. To help them understand what they need to do in compliance to the energy efficiency strategy, here are key steps they can follow along the way.

Measure Overall Energy Consumption

The first step to complying with ESOS is to make an initial estimate of the business? energy consumption. This includes measuring the use of electricity, renewable energy, combustible fuels and all other forms of energy consumed whether in buildings, transports and industrial processes.

Three important factors to consider are the measurement units used, the reference period and quality of data. Energy units, such as MWh and GJ, or energy expenditure costs should be applied. Business enterprises should also do the initial measurement within a reference period of 12 months. Moreover, data collected should be verifiable at hand.

Identify Areas of Significant Energy Consumption

When the total energy consumption for all the activities and assets has already been estimated, it’s then time to identify what areas in the organisation comprise the significant portion of the overall energy usage. The areas recognised should cover at least 90% of the overall consumption. Meaning to say, ESOS participants have the chance to omit 10% of the energy consumption and instead focus on the 90%. This would ensure that subsequent energy audits will be cost-effective and proportionate.

Consider and Choose Compliance Routes

In order to comply with ESOS, qualified businesses should consider what compliance routes to take. These routes include taking series of energy audits, operating and implementing a certified ISO 50001 energy management system, acquiring Display Energy Certificates (DECs) and working with Green Deal assessments. Whichever route the business takes, one should maintain credible evidences, along with helpful documents, to certify their compliance.

Report the Compliance

Except when the large enterprise covers all the significant areas of energy consumption by means of ISO 50001 certification, one should appoint a lead assessor to supervise, conduct and review the organisation’s chosen ESOS compliance route. In this case, the approved assessments should then be signed off at board level to ensure that the conclusions and recommendations for energy savings are properly carried. To confirm their compliance, the business should submit a formal notification to the Environment Agency.

Because ESOS is not just an opportunity but also an obligation, it designated compliance bodies and gave them the authority to file civil penalties towards those who fail to comply with the scheme. Not only that, these appropriate authorities have the right to publish information about non-compliant enterprises including their name, details of non-compliance and corresponding penalty amount. Among these UK compliance bodies are Natural Resources Wales, Environment Agency in England, The Scottish Environment Protection Agency (SEPA) and Northern Ireland Environment Agency.

So, if you are covered with the ESOS qualifications, make sure to be informed. As the famous saying goes, ?Ignorance of the law excuses no one.? Likewise, awareness of ESOS is a responsibility every large business in UK should give importance to.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Energy Cooperation Mechanisms in the EU

While the original mission of the European Union was to bring countries together to prevent future wars, this has spun out into a variety of other cooperative mechanisms its founders may never have dreamed of. Take energy for example, where the European Energy Directive puts energy cooperation mechanisms in place to help member states achieve the collective goal.

This inter-connectivity is essential because countries have different opportunities. For example, some may easily meet their renewable targets with an abundance of suitable rivers, while others may have a more regular supply of sunshine. To capitalise on these opportunities the EU created an internal energy market to make it easier for countries to work together and achieve their goals in cost-effective ways. The three major mechanisms are

  • Joint Projects
  • Statistical Transfers
  • Joint Support Schemes

Joint Projects

The simplest form is where two member states co-fund a power generation, heating or cooling scheme and share the benefits. This could be anything from a hydro project on their common border to co-developing bio-fuel technology. They do not necessarily share the benefits, but they do share the renewable energy credits that flow from it.

An EU country may also enter into a joint project with a non-EU nation, and claim a portion of the credit, provided the project generates electricity and this physically flows into the union.

Statistical Transfers

A statistical transfer occurs when one member state has an abundance of renewable energy opportunities such that it can readily meet its targets, and has surplus credits it wishes to exchange for cash. It ?sells? these through the EU accounting system to a country willing to pay for the assistance.

This aspect of the cooperative mechanism provides an incentive for member states to exceed their targets. It also controls costs, because the receiver has the opportunity to avoid more expensive capital outlays.

Joint Support Schemes

In the case of joint support schemes, two or more member countries combine efforts to encourage renewable energy / heating / cooling systems in their respective territories. This concept is not yet fully explored. It might for example include common feed-in tariffs / premiums or common certificate trading and quota systems.

Conclusion

A common thread runs through these three cooperative mechanisms and there are close interlinks. The question in ecoVaro?s mind is the extent to which the system will evolve from statistical support systems, towards full open engagement.

Ready to work with Denizon?

Contact Us Today