
Legal requirements & Compliance

As a business, government authority or organization we face a number of different expectations when it comes to the handling of data and information. There are some legal requirements that affect us all, and then there are ones that only affect those who handle certain types of data in specific areas. In either case it is your responsibility to meet the requirements that apply to you.


Legal reasons

NIS and NIS2

The current NIS directive places demands on all organizations involved in essential services. But the EU Commission has recommended that the directive be updated into what is being referred to as NIS2 in order to better adapt it to today's security needs.

The plan is also that many more service providers will be subject to NIS and that those not adhering to the directive will face more severe penalties. The purpose of NIS2 is to build an increased, joint resilience against cyber-related threats within the EU. The directive is also meant to be better adapted to current and future security needs.

Some important changes

  • More businesses, government authorities and organizations will be subject to NIS2.
  • Greater accountability in making sure your suppliers work securely.
  • Possible introduction of sanctions, like those included in GDPR.
  • Requiring specific training for management.
  • Mandatory incident reports of so-called "near misses".
  • The use of encryption.

Synkzone solutions provide you with both strong encryption and structured ways of working with your information in a secure way. Using Synkzone you will be well prepared in the face of technical requirements introduced in NIS2.

Schrems II and Privacy Shield

On July 16, 2020, the EU court delivered its verdict in the so-called Schrems II case. The court held that the Privacy Shield agreement between the EU and the US did not offer sufficient protection for personal data as it is transferred to the US.

It is up to anyone who wants to transfer personal data to the USA or any other country to assess whether they feel that appropriate security measures have been taken in order to guarantee that the requirements of GDPR have been met.

Using Synkzone you are making sure that no information/data is transferred to the USA or any other country.

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation is designed to protect basic rights and freedoms, in particular the individual's right to protect their personal information. The GDPR is enforced in the whole of the EU and one of its purposes is to create a uniform and equal level of protection of personal information, making sure that the free flow of goods and services within the EU and the EEA is not obstructed.

Article 32 of the GDPR deals with "Security of processing" in relation to the handling of data. The personal data controller and the personal data processor are to take any suitable technical and organizational steps needed to maintain a level of security in parity with the risks involved.

All data that is stored and shared using Synkzone is continuously encrypted using keys that only your organization, and no one else, has access to. This way your organization can rest assured that you have established a high level of security and minimized or even eliminated the risk of unauthorized access to personal data. And you also get a clear picture of, and control over, who in your organization has access to personal data.

Using Synkzone you are making sure that you as an organization have taken appropriate steps and that you live up to the levels of protection specified in recital 78 of the GDPR. You have full and central control over your data (you and no one else), you have the required protection of data in place, you are securing and can demonstrate sufficient secrecy and integrity using access and authorization control, and you have very strong protection in place when sharing data, internally and externally (end-to-end encrypted).

Synkzone is delivered using certified data centers in Sweden. This way you can be sure that you also meet the requirements of item 1.f in Article 5 of the GDPR.

The Cloud Act

The Cloud Act is an American law that provides US law enforcement the right to petition a court to order the release of information and data from all US tech companies. This applies irrespective of whether the information is stored on servers on US soil or servers physically located outside the US. This law is far-reaching and US companies have no way, contractually or legally, of refusing to comply.

Synkzone is a Swedish-owned company and falls under Swedish and European jurisdiction. Our services are offered using Swedish technology, from Swedish soil. Using Synkzone you will never risk any data being handed over to either the US or any other foreign power.

FISA 702

FISA 702 is a law that applies to American companies. This law allows for the US Attorney General, together with the Director of National Intelligence, to approve intelligence gathering on (1) non-Americans, (2) who in all probability are not currently in the USA, and (3) the gathering of intelligence concerning other countries.

In other words, FISA 702 also applies to anything to do with Sweden and Swedish citizens. This means that the NSA, without needing a court order, can acquire intelligence concerning other countries via a communications supplier, without informing anyone that they are doing it. Any information acquired can also be stored indefinitely. The communications supplier is legally bound to assist the NSA.

Synkzone is a Swedish-owned company and falls under Swedish and European jurisdiction. Our services are offered using Swedish technology, from Swedish soil. Using Synkzone you will never risk any data being handed over to either the US or any other foreign power.

The Swedish Security Protection Act (2018:585)

The Security Protection Act deals with the protection of information and operations vital to the security of Sweden and its protection against espionage, sabotage, terrorist activities and other related threats. As of 1 April 2019 a new Security Protection Act is in force and it expands the number of organizations and entities that are affected by this law.

If certain authorities or businesses in Sweden come under attack, it may have serious consequences for national security. It may, for example, concern parts of national defense, the judicial system, energy or water supply, telecommunications or the transport sector.

These organizations may, as part of their mission, need to handle information of vital importance to national security. If this information were to be disclosed, destroyed or altered it would affect national security. Some organizations may also need extra protection against terrorist attacks. If they were to be attacked, the consequences would be especially grave. These organizations need security protection.

Security protection falls under the Security Protection Act and The Security Protection Regulations.


All Swedish storage, Zero Knowledge, really good encryption in the cloud, on your hard drive and during transfer. Superior ease of use.

John Daniels CEO, Weop