GDPR recommends data encryption as a sound security measure
With the GDPR, the concepts of Pseudonymization and Anonymization are brought to the forefront, and along with them, data encryption acquires greater importance. Data encryption is not a requirement of the Regulation, but it is a recommendation and a good measure that can be implemented. As such, it is a measure that can be very effective in guaranteeing compliance with the GDPR.
Adequate data encryption measures prevent attackers from using the data in the event of a breach or theft, which is inherently beneficial.
What is data encryption
Data encryption, or tokenization, means making data unintelligible to anyone who is not authorized to access it. Encrypted data becomes incomprehensible in the event of an attack based on ransomware, or any other type of security breach. Decryption is only possible using a key, which, ideally, should be in the possession of the company that owns the data.
Many organizations rely on a cloud or Software as a Service supplier to guarantee data encryption. That encryption is generally limited to static data, while the requirements of the GDPR also address the protection of sensitive and in-use data. The Regulation shifts the burden of responsibility for protecting information onto the companies that control the data, even when they resort to third-party data processing and storage systems. It is therefore important that companies adopt the best practices within the scope of this process.
In the event of data loss or breach, if the company retains complete control over the encryption, it can spare itself the trouble of notifying the supervisor, as well as the owners of the data, about those security failures, simply because the data remains incomprehensible outside of the company’s domain.
Data encryption solutions
There are several data encryption solutions, some of which are included in Eurotux’s product portfolio, that may help guarantee full compliance with the GDPR. IBM Security Guardium is one of them, enabling the encryption of sensitive data, as well as blocking and quarantining suspicious files and raising alerts in these cases. This IBM platform is a comprehensive solution that assures continuous auditability, monitoring and permanent tracking of data and files. The American giant presents technologies that contribute to the wide-scope implementation of the GDPR, enabling the integration of several platforms that assure full compliance with the new legislation.
Sophos SafeGuard is another data encryption solution provided by Eurotux, which guarantees encryption from the moment the data is created.
Sophos’ Synchronized Security enables permanent validation of the user, the application, and the total security integrity of a system, prior to allowing access to the encrypted data. With the SafeGuard Management Center, you can define specific encryption policies for different user groups and devices. The solution allows you to protect information stored on multiple platforms and operating systems, from a computer to a smartphone, and including USB drives, network shares, and even a cloud service.
In addition to these alternatives, there are other possibilities that allow you to protect companies’ most sensitive data, addressing the GDPR’s requirements. The implementation of the new Regulation requires a comprehensive approach that addresses a privacy-by-design policy, in which all processes are structured and implemented according to this concept.
Eurotux can help you find the best solutions so that your company can remain in full compliance with the GDPR. Don’t waste any more time: contact us to prepare your company for a law that comes into effect on May 25th.