Use Two-factor authentication to comply with GDPR


Dirk Denayer, Mon, 09/27/2021 – 15:45 (Authentication)

A recently published study from ENISA (the European Union Agency for Network and Information Security, which advises member states and private sector organizations on implementing EU legislation) provides guidelines on how to take the appropriate measures and apply appropriate security to comply with the General Data Protection Regulation (GDPR). ENISA’s recommendations include two-factor authentication and mobile application security as technical measures in high-risk situations to ensure cyber security, prevent phishing and data breaches, and protect the user experience.

The GDPR becomes the main legal framework for data protection in the EU and represents a significant step towards enhancing the privacy of EU citizens. Additionally, the GDPR applies to any company offering goods or services to EU citizens that handles personal data as a data controller or a data processor, regardless of its size, location or industry.

Significantly, Article 32 of the GDPR makes securing this personal data through technical measures a core obligation for these companies, stating that data controllers and processors “shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.”

The implications and costs of non-compliance can be substantial: fines of up to 4% of annual global turnover or €20 Million, whichever is greater. Companies are also obliged to report all breaches within 72 hours, risking significant brand damage as a result.

ENISA Guidelines for GDPR Compliance

ENISA’s study on how to adopt organizational and technical security measures to achieve compliance with the GDPR uses a risk-based approach to define the appropriate measures in different areas.

For example, in the area of secure access, access control, and authentication, ENISA recommends implementing two-factor authentication in high-risk cases and in certain medium-impact cases, as follows: “Two-factor
