Encryption is a crucial part of GDPR compliance, but why is it so important and how does it work?
Under the upcoming EU General Data Protection Regulation, organisations holding personal data are going to need to demonstrate that they have implemented adequate security to protect that data.
Encryption is explicitly named as one of the appropriate technical and organisational measures that businesses can implement to ensure a level of security adequate to the risk.
The demonstrable use of encryption and other measures means that communicating a data breach to the data subjects isn’t necessary: you won’t need to disclose a data breach to those whose data is stolen, if it is encrypted.
Mark James, ESET IT Security Specialist, explains in simple terms how encryption works and why it plays such an important role in becoming fully GDPR compliant.
“Encryption basically takes digital information you can read (like employee/customer data, financial information etc.) and scrambles it in such a way that you are unable to make any sense of what you’re seeing, but using a process that can be reversed.
“In its very simplest form you could overlay the alphabet one letter to the right, so the name ‘Mark’ would become ‘Nbsl’; with the key used to generate the new letters you could easily reverse the word to its original form.
“One of the key points in compliance for GDPR is ensuring that if devices are lost or stolen, any data contained therein is unintelligible to any person who is not authorised to access it.”
The only substantial weaknesses of encryption are how keys are managed and the passwords used to access encrypted data. An encryption solution, like ESET Endpoint Encryption, with centrally-managed, shared encryption keys circumvents this issue, ensuring that your data is as secure as possible.
The main strength of encryption is the robust nature of the technology. Powerful algorithms and increasing key lengths (bits), wide availability and relatively low cost mean that implementing an encryption solution is an easy win for your security and GDPR compliance.
Does your company encrypt its data? Let us know on Twitter @ESETUK.