The Data Protection Directive (Directive 95/46/EC) is a European Union (EU) regulatory framework that aims to protect the privacy of personal data within the EU. Implemented in 1995, the directive requires all member countries of the EU to enact laws to enforce these regulations. The EU data protection regulations are stricter and more comprehensive than those in the United States. As a result, U.S. companies that handle data from EU citizens must put extra measures into place to comply with the directive under the so-called “US-EU Safe Harbor” agreement. Data security is just one aspect of the Data Protection Directive. Compliance with the directive and protection under safe harbor requires robust encryption and key management that ensures the privacy and confidentiality of citizen records.