We are excited to share that we are set to begin a new chapter with Dropbox, Inc. Dropbox is acquiring our IP technology to embed natively into the Dropbox product, bringing end-to-end, zero-knowledge encryption to millions of business customers around the world. Check out our blog to find out more!

EU General Data Protection Regulation – 2 year period of adjustment starts now

EU General Data Protection Regulation – How will the new customer protection laws affect companies?

On the 14th of April the new and strongly anticipated General Data Protection Regulation (GDPR) has been passed. 20 days later, it will become effective officially. European companies will have two years to change their data protection arrangements according to the regulation. The regulation does not only affect European companies, but also international businesses who deal with data of European citizens.

This new regulation replaces the data protection regulation (Directive 95/46/EC) from 1995. Generally speaking, there is nothing against an EU-wide regulation of data protection to harmonize current laws. But it is important for companies to start making arrangements soon:

“With […] a lead time of only two years before the Regulation takes effect directly in all member states, organisations will need to start preparing now for what will be the biggest change to data protection laws in over 20 years,” says Kuan Hon, a British data protection law expert.

While the new regulation will strengthen data privacy in many countries, there is criticism in others. German data protection experts fear higher costs and more bureaucracy for companies with less than 250 employees, exactly the opposite of what the EU wants to achieve. Only companies with more than 250 employees have to appoint an internal data protection officer, and have to document data protection internally. The data protection agencies should no longer advise, but only supervise. This is a shift that can become problematic in Germany, a country that already has strict and well organized data protection, since the cooperation between companies and authorities will be complicated. Small companies may have to create a position only for communication with the authorities.

In this article we will inform you about the biggest changes that the EU GDPR brings for smaller companies. We will keep you up to date with further information, so that the adjustments to the new rules will be smooth for your company.

The first difference lies in the way the Regulation is introduced. The directive from 1995 had to be implemented into national law by the member states. The new Regulation, however, is in force for all member states right from the beginning. This means it cannot be weakened by single states.

Objectives of the EU GDPR – How the new protection of customer data affects companies

The GDPR strengthens the rights of individuals in a way that they have the right to know what happens to their data at any time. If you are a company dealing with personal data, you will face more work and effort.

The most important objectives at one glance:

  • Standardization of rules for the handling of personal data: This affects private companies as well as public authorities.
  • Ensuring the protection of personal data EU-wide
  • Tougher penalties for breaching the data privacy laws (fines go up to 4% of the global turnover of a company)
  • Introducing the right to be forgotten: It will be easier for users to have their data erased on request.
  • A right for data portability: Users can switch from one provider to the other and now have the right, to take their data with them (for example at social media services).
  • The GDPR applies to companies outside of the EU, as well, as soon as they offer a service for EU citizens (for example Facebook and Google, or different cloud providers).

Next steps

Now that the GDPR has been passed, companies have to start to adopt the new Regulations. We will keep you up to date with advice and news regarding the Regulation, and will accompany you through the 2-year period of adapting to the CDPR.

Get further information here.

Condividi questo articolo

Articoli Correlati


Our New Chapter with Dropbox: What Boxcryptor Users Need to Know

Last week we already announced that we sold important technology assets to Dropbox. What our customers need to know now, we explain in detail here.


A letter from our Founders: We’re joining Dropbox!

Almost 12 years ago, we set out to make complex security solutions easy to use. Now we are excited to share that we are set to begin a new chapter with Dropbox, Inc.

Dummies Book Cover and Back

CLOSED We Celebrate Our Book Release: Your Chance to Win

We have published our first book to get even more people excited about the cloud and data security. Celebrating the official launch, you can win printes copies and Boxcryptor licenses in our raffle. Read about the details in our blog post.