GDPR Compliant Cloud Storage - A Step-by-Step Guide for 2019
Are you confused about GDPR and Cloud Storage? Learn how to improve your GDPR compliance with Nimbox.
What does GDPR Compliant actually mean?
The part of GDPR that Nimbox focuses on is encryption. In detail, GDPR recommends that you encrypt your data. Nimbox goes a step further with zero-knowledge protection (learn more about zero-knowledge encryption here). Encryption is only as secure as it can be when only you have the encryption key. Many other providers use encryption, but they also have the same access to the same key you use to open your front door.
Why you should value UK Privacy.
Do you know the physical location of where your data is stored? Before cloud computing, all business data resided in the companies country. Organisations knew where their data was stored because they could walk to it physically in the office. With the cloud, your data could be stored anywhere in the world. Future-proofing the success of your business starts with taking responsibility for your data against security threats in these uncertain times.
Step 1 - Control access to your data.
A. Ensuring only the right people have access to the correct data is a security challenge that many organisations face. The Nimbox platform allows freedom of collaboration while reducing the risk of a data breach. It does this through enforcing security policies such as; zero-knowledge protection, auto password renewal, encrypted external shares and two-factor authentication to enhance the security of your organisation’s data management.
Step 2 - Secure your email.
A. Sending emails is part of the day to day for your organisation, but could your emails be easily intercepted? Nimbox enables your organisation to send sensitive information securely through the portal or via Microsoft outlook for an efficient workflow and security.
Step 3 - Centralise your data security.
A. As advised by GDPR, encryption is a vital part of remaining compliant, but how do you do this efficiently? Anything stored in Nimbox automatically gets encrypted with zero-knowledge protection.
Bonus Step - Plan for brexit.
A. Your data is your responsibility, GDPR mandates privacy by default, meaning you should have tools that govern access of your information internally and externally including the life cycle from creation to destruction — taking actions that benefit your organisation regardless of what happens after Brexit is critical.
We help with ransomware too.
Some advanced ransomware attacks such as ‘Locky’ may delete, duplicate, or change file names. This process usually irreversibly destroys a file’s revision history, preventing users from restoring a previous version. The ICO give their guidance when it comes to ransomware and security threats here.
The anti-ransomware feature gives you the ability to restore files to exactly how they were before any ransomware infection. Learn how in this video.
What does data protection look like?
Some advanced ransomware attacks such as ‘Locky’ may delete, duplicate, or change file names. This process usually irreversibly destroys a file’s revision history, preventing users from restoring a previous version. The anti-ransomware feature gives you the ability to restore files to exactly how they were before the ransomware infection. Learn how in this video.
How important is data security in your organisation?
Take the GDPR quiz.
How good is your GDPR knowledge? Maybe this is for you or for someone you know that could do with learning more about GDPR. Either way, see how your knowledge stacks up. Click here to take the quiz
Most frequent questions and answers
GDPR stands for General Data Protection Regulation. It came into effect 25th May 2018. It’s a european-wide law that replaces the Data Protection Act 1998.
The GDPR applies to any organisation that handles personal data, meaning information that is relating to a identifiable person.
Within the guidelines of the GDPR it says that organisations must implement appropriate security measures when storing data. Nimbox provide Zero-Knowledge encryption of your data which is above and beyond the basic requirements of the GDPR. Learn more about our security here.
Data stored in Nimbox is encrypted with 256-bit Advanced Encryption Standard (AES) cryptography in cipher-block chaining mode. Organisation data is always encrypted—on a device, in transit, and whilst stored—and can only be decrypted by you, and your authorised users.
Our architecture allows for the secure inspection of traffic by you to ensure there is no malicious content. Importantly, Nimbox can never see your data, unlike many other cloud storage services that may be able to access unencrypted customer data.
Nimbox provide this level of security along with only hosting your data on UK servers.
If you do not comply with GDPR then your organisation can face serious consequences. Fines of €20m or 4% of annual turnover, whichever is greater.
Your data is your responsibility, GDPR mandates privacy by default, meaning you should have tools that govern access of your information internally and externally including the life cycle from creation to destruction — taking actions that benefit your organisation regardless of what happens after Brexit is critical.