Part 2-Encryption for GDPR completing a Gap Analysis.
This is a companion to the iComply365 Guide to Encryption for GDPR Compliance. It designed to assure appropriateness and coverage, that is, to make certain that appropriate, state-of-the-art, encryption-enabled security functions have been applied to all instances of a given set of data. The questions are applied per application because applications, based on input from humans and/or other applications, are the mechanisms that actually create, alter, send, receive, store, move, copy, and manage access to data. Applications and encryption solutions operate within specific subsets of all possible combinations of operating system, device type, application architecture, and data format.
Who is this guide for?
- Controllers and /or processors who have assessed the risk posed to their data subjects by a breach of their personal data and have determined that data should be secured with encryption
- Processing solution vendors currently offering or planning to implement encryption to satisfy customer demand for GDPR-compliant solutions
- Others, such as consultants, insurers, or regulators, in need of a comprehensive GDPR-specific gap analysis/audit tool to assess current or proposed encryption solutions intended to enable compliance with the GDPR
This guide is written in a plain-language/least-technical manner; expertise in encryption or the GDPR is not required.
What is this guide series for?
- To enable readers to conduct gap analyses and/or compliance audits on current or proposed encryption solutions whose purpose is to enable compliance with the GDPR
- To develop a comprehensive set of encryption-related technical requirements for current or proposed data processing operations
This guide is suitable for any type of software platform, application architecture, data type, device type, processing method, or scale of operation.
If you find this guidance helpful, please check out our other blog posts.