Recent years have demonstrated great efforts made by organisations to encrypt any data that needs to physically leave the building where it is normally stored – the “data at rest” is made unreadable to any person or entity that is not authorised to read that data.

Traditionally it is patient and finance data that have been the focus, typically stored or used on a mobile device such as a laptop. If an unencrypted laptop was stolen then it would need to be reported to the Information Commissioner’s Office (ICO) as a data security breach.

With new EU Data Protection laws on the way, it is important to understand how this may affect your organisation. Should a personal data breach occur, the exposure of any information that directly or indirectly identifies an individual, that organisation will be required to notify the supervisory authority within 72 hours after having become aware of the breach.

The consequences of a breach have also become much more significant. For example, new enforcement powers can mean maximum fines of €20 million or 4% of annual worldwide turnover.

In order to prepare for changes to Data Protection Regulation, you should consider looking at strategies that include encryption technologies.