With the implementation of the European Union’s General Data Protection Regulation fast approaching, Yubico founder and CEO Stina Ehrensvard is making the case for the YubiKey as a convenient, affordable way to reach compliance.
The GDPR is essentially a major update to EU privacy regulations first established in 1995, and reflects the massive cultural changes that digitization has wrought in the ensuing years. It’s concerned with ensuring the integrity of Europeans’ privacy with components such as the ‘Right to be Forgotten’, and also aims to help reinforce citizens’ data security with elements like a requirement for companies to notify the public within 72 hours of a data breach.
For companies, this is important primarily due to the consequences of non-compliance. Writing on her company’s blog, Ehrensvard points out that GDPR delinquents face “hefty fines of €20M or 4% of worldwide turnover for non-compliance, whichever is greater,” a threat that has ensured that “GDPR has got everyone’s attention.” But compliance doesn’t have to be difficult. Echoing her recent discussion of the benefits of FIDO U2F security keys in preventing data breaches like the recent Equifax fiasco, Ehrensvard asserts that FIDO U2F, the authentication standard that YubiKeys are designed to meet, “has today proven at scale that it is the strongest defense against modern phishing attacks that hijack the session, the so-called man-in-the-middle attacks.” The standard doesn’t store users’ personally identifiable information, and doesn’t share secret data between the many online sites and services that support it. FIDO U2F was even referenced by the European Union Agency for Network and Information Security as a GDPR-compliant authentication solution, Ehrensvard adds.
While some enterprises will also want to look at other sophisticated technology solutions emerging to ensure GDPR compliance, such as behavioral biometrics, Yubico’s USB keys offer a simple, affordable plug-and-play security tool that will be appreciated by many end users, not to mention EU regulatory authorities, once GDPR comes into effect at the end of May 2018.