GDPR: Passwords don’t comply

April 11, 2018

Those who do not comply with the new regulation will face fines of up to 20 million euros or 4 percent of their annual turnover; whichever is more. It is therefore no surprise that many businesses are scrambling to prepare for its 25th May 2018 enforcement date.

The GDPR leaves room for interpretation, however the new regulation leaves no doubt that if you leave simple, static passwords in place and your systems are breached; the auditors will come for you.

The responsibility of securing a against a data breach is significantly increased under GDPR, and businesses need to focus on understanding the location of sensitive information, who has access to it and what strong authentication techniques can be deployed to secure access between users and data.

Passwords are outlawed by GDPR

Organisations are required to carry out risk assessments, and if an assessment shows that using a password as authentication will not lead to problems, then it is ok.

However, in the overwhelming majority of real-life scenarios, passwords offer a low level of security, and are therefore outlawed by the GDPR.

The problem with passwords

Passwords account for 81 percent of hacker-related data breaches, according to the 2017 Verizon Data Breach Incident Report. It is abundantly clear that traditional security measures aren’t working and that passwords are a problematic way to protect ourselves and our data.

According to Verizon’s 2017 Data Breach Investigation Report, organisations are not doing enough “if a username and password is the only barrier”.

Organizations are therefore risking their compliance by sticking with passwords.

Biometrics are the answer

Smart organisations are looking to use the technology-refresh opportunity to get rid of passwords completely and move instead to solutions that deliver more convenient and secure options authentication.

Leveraging next-generation technologies, such as Biometrics, allow for better identity management and data access control.

Building an access control environment and enforcing that environment will require biometric authentication to truly identify an individual. Accessing your information using something you ARE is always going to be better than something you KNOW.

Biometrics also help in the auditing and forensics process by creating traceability. The ability to reconstruct an event will become especially important under the GDPR.


Whilst the GDPR has created a lot of confusion and uncertainly, one thing is clear: start with understanding where your sensitive data exists and determine who has access to it. Then use this opportunity to tech refresh and eliminate passwords.

Move to a next-generation authentication solution that will serve you well for this and other compliance regimes.

A lagging organisation will be hit with the full fine, but don’t just aim to avoid the fines – now is the perfect opportunity to actually improve the organisation and use this as an opportunity to embrace advanced security solutions for their data, employees and customers.

Leverage biometrics as a first step in strengthening data access management and control, and get a head start on GDPR compliance.

Some of our partners…

We partner with the leading providers of hardware, software and cloud technology, such as…

What our clients say…

Thank you to the Tustone team for always being there, for resolving our IT issues, making recommendations, and keeping our data safe.

Managed IT Support Services
Chartered Accountants based in Bedfordshire

A first class company that is run by dedicated IT professionals who strive to provide a fast and comprehensive service.

Network Infrastructure Services
Online Marketplace

Top team, extremely efficient & effective in what they do, would highly recommend.

Cloud Services
Estate Agency in Bedfordshire

Excellent, proactive support from a professional and approachable team.

Managed IT Support Services
Chartered Accountants based in Hertfordshire

Talk to us today

Contact us direct

By phone

Give us a call on 01582 240333

By email

Our sales team is available on

By post

Tustone Technical Services Ltd
Unit E3 Basepoint Innovation Centre
110 Butterfield

By social media


Or let us contact you