GDPR-proof guarantee included in selected two-factor products from Hiddn

In response to the GDPR, Hiddn has announced a product guarantee that secures customers using our selected products with two-factor authentication against GDPR breaches and potential future fines following the loss of a Hiddn storage device.

Hiddn’s current two-factor product range with GDPR-proof guarantee includes the SafeDisk internal encrypted SSD for notebooks and tablets, the KryptoDisk 2 encrypted USB SSD drive and the coCrypt 2 encrypted flash memory. The GDPR-proof guarantee is only valid as long as the key token is kept separate from the device.

Our secure data storage products are built on the back of 20 years of security research and development, and demonstrably satisfy the security requirements of governments and armed forces around the world. Our most secure devices are virtually impenetrable to even the most sophisticated attackers, meaning that the data stored on them is uncompromised even if the device is lost or stolen.

Hiddn was founded on the belief that data security is central to privacy, and is well positioned to contribute as this idea moves from the military and government echelons into the mainstream.


More about GDPR

GDPR brings about a paradigm shift in companies’ responsibility for their clients’ personal information. Breaching GDPR requirements carries the risk of enormous fines, and the regulation can be difficult to implement flawlessly. To help companies prepare and comply, Hiddn offers a GDPR-proof guarantee, valid for our products with two-factor authentication technology.

A fine of 20 million euro, or up to 4% of the company’s global annual turnover. Whichever is the greater. That is the risk facing those companies that don’t comply with the new General Data Protection Regulation (“GDPR”), as it soon enters into effect.

The GDPR was introduced by the European Union to increase the accountability of companies that handle personal data belonging to customers from EEC countries. The GDPR relies on a rather broad definition of what constitutes personal data – it includes, but is not limited to, names, e-mail addresses, IP addresses, location data, health records and so forth. Furthermore, it doesn’t consider whether the customer acts in a professional role on behalf of an organisation or as a private person, forcing companies to be equally protective of all the personal data they collect.

All of this can make the transition to GDPR compliance seem intimidating. Routines that define which data to collect and how to use it must be established, and consent to collect the data must be obtained from customers. Arguably, however, the most important measure is to ensure that the collected data is kept sufficiently secure to avoid the risk of losing it.

Articles 33 and 34 of the GDPR describe the details of personal data breaches. Not only is the data loss itself penalizable, but the fine can increase if the breach isn’t communicated to the local supervisory authority and those affected without undue delay. This constitutes a huge challenge, as the number of records containing personal information on a lost device could amount to thousands. Moreover, with the growing public focus on privacy, such a breach could have devastating reputational effects.