Part 1 – A deep dive guide to encryption for GDPR compliance
Encryption could be the silver bullet for reducing security risks, but how do you go about assessing its potential for your organisation? This 3-part guide should help.
Early GDPR recommendations
“Encryption is explicitly named as one of the appropriate technical and organisational measures that businesses can implement to ensure a level of security adequate to the risk (via a breach).”
The ICO recently added that:
“Where such losses occur (via a breach), and where encryption has not been used to protect the data, it is possible that regulatory action may be pursued. This is particularly the case given the widespread availability of encryption solutions, and the ease with which you can deploy them in your organisation.”
This guidance series will equip you with the knowledge to assess your risk and establish where encryption fits in your compliance plan.
Who is this guide for?
- Controllers and/or processors who have assessed the risk posed to their data subjects by a breach of their personal data and have determined that the data should be secured with encryption
- Processing solution vendors currently offering or planning to implement encryption to satisfy customer demand for GDPR-compliant solutions
- Others, such as consultants, insurers, or regulators, in need of a comprehensive GDPR-specific gap analysis/audit tool to assess current or proposed encryption solutions intended to enable compliance with the GDPR
This guide is written in a plain-language/least-technical manner; expertise in encryption or the GDPR is not required.
What is this guide for?
- To enable readers to understand how encryption does, and does not, assure compliance with the GDPR
- To conduct gap analyses and/or compliance audits on current or proposed encryption solutions whose purpose is to enable compliance with the GDPR
- To develop a comprehensive set of encryption-related technical requirements for current or proposed data processing operations
This guide is suitable for any type of software platform, application architecture, data type, device type, processing method, or scale of operation.
If you find this guidance helpful, please check out Part 2 – Step by step guide to doing your own GDPR encryption gap analysis.