The General Data Protection Regulation (GDPR) of 2018 applies to all businesses that collect any data from customers or clients in the European Economic Area (EEA).
GDPR Article 32 specifically requires implementing technical measures to ensure data security, and calls for encryption of personal data as well as mechanisms to restore data availability in the event of a technical or physical incident.
Encyro helps you meet GDPR Article 32 requirements through
- access control
- multi-location encrypted backup
- activity logs, include account level activity logs available to you for audit
- organizational controls within Encyro to ensure that data is protected
More details on our data security safeguards are available here.
Remember that the GDPR also applies to data managed by you outside of Encyro and you may find additional cyber security guidance on our security blog (e.g. to enforce automatic log off on your computers).
Equivalent regulations also exist in the UK and Switzerland.
- The UK Data Protection Act of 2018 implements the GDPR in the UK and requires you to ensure that customer information is handled in a way that ensures appropriate security, including protection against unlawful or unauthorized processing, access, loss, destruction or damage.
- The Swiss Federal Data Protection Act (DPA) Article 7 and the Data Protection Ordinance (DPO) section 4 require businesses to secure data collected from Swiss nationals.
Using Encyro as part of your data security plan helps you satisfy your regulatory requirements.
Will Encyro sign a GDPR Data Processing Agreement (DPA) with my business?
Yes, Encyro does sign DPAs. A Data Processing Agreement (DPA) may be required for you under GDPR Article 28, section 3, to support your use of an external...
The SEC Regulation Title 17: Chapter II, Part 248, Subpart A: §248.30 requires every broker, dealer, and investment company, and every investment adviser ...
IRS Pub 4557 Compliance for Tax Practitioners
IRS Publication 4557 provides seven checklists for tax preparers to help protect tax clients' tax data. The safeguards also protect your business from a da...
NIST 800-171 Compliance
National Institue of Standards and technology (NIST) Special Publication 800-171 or NIST-SP800-171, specifies requirements for non-Federal computer systems...
Encyro helps you comply with FINRA cyber-security requirements is the following ways: Encyro maintains the confidentiality and integrity of data as require...
PCI-DSS requires safeguarding credit card data that you receive. Email is not a secure way to ask a customer to provide their credit card information to se...
Can Encyro access my messages and files?
Who can access my content? Can Encyro view my data? Is it different from Protonmail and other encrypted email services that claim they cannot access my dat...
I only need to send (not receive) secure messages, do I need Pro?
I will be sending patient medical records or client files but not receiving anything from them. Do I need Encyro Pro? If you do not need Encyro Pro to crea...