Personal Data Deindetification: Data Encryption
The GDPR is a much talked about set of regulations soon to go into affect. The regulation intends to give European Union citizens better control over how organizations use their personal information. The GDPR works to establish a baseline of personal rights and data protection for all EU residents to enjoy.
Among the requirements set forth in the new regulations, organizations will soon be required to notify individuals about how they are processing a person's personal data and they also must justify their reason for collecting and storing any kind of data they process. If an organization cannot prove a direct need in their business for holding onto a piece of data, it has to be deleted it.
The EU Parliament passed these regulations in April 2016 but they are not set to go into affect until the end of May 2018, and companies are hustling to ensure they are in compliance because failure to comply will prove costly. However, it is not just companies located in the EU who will be affected by these regulations.
Parliament has suggested that all countries who deal with information of people residing within the European Union must meet these requirements. While there is debate over whether or not they can extend such regulations to non-EU based companies and websites, many are taking early action in response to this possibility.
Regardless, being in compliance with the GDPR is no easy feat and penalties for noncompliance are serious. An organization that fails to meet the requirements could face fines up to 20 million euros (about $25 million USD) or 4% of their global annual revenue, whichever is greater. Now, while this is great motivation to pursue GDPR compliance no matter where your company happens to be located, preparing for these new regulations will also prove beneficial to your company.
Being GDPR compliant will help your company better understand your internal data process. It will also give you a better sense of what information is available to you, what to do with it, where it's stored, and how long your business keeps it. In addition, you need to have a solid understanding of how your business protects such data.
Data Encryption for GDPR
Data encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures."
Encryption is a very powerful security technique that converts or encodes messages and information into unintelligible form. It does so in a way that allows only authorized parties to access it. Unauthorized parties cannot access encrypted data. Data is encrypted using software that utilizes one or more cryptographic keys. Each key is made up of a string of random characters, like letters and numbers. A key converts (encrypts) the original plaintext data into encrypted ciphertext format.
Ciphertext format is secure because it can only be read once decrypted. The encryption keys can be used to convert and decrypt cipher text back into human readable plaintext data. Since this encryption process renders a set of information unreadable and, therefore, unusable to anyone who does not have a valid cryptographic key, GDPR encryption techniques can prove very beneficial to your company if a data breach is ever to occur.
The GDPR has set a strict requirement that all organizations must notify people in the event of a data breach within just 72 hours. If you encrypt your data, however, you will not have to comply with this requirement since any "leaked data" will be totally unusable and unreadable to any unauthorized individuals who view it. The reason is simple: if the data is unintelligible outside of your organization, no information has truly been leaked.
In conclusion, data encryption can prove to be highly effective for keeping your organization in GDPR compliance in combination with other measures. Data encryption can help you avoid harmful data breaches alongside expensive noncompliance fines and penalties.
Most Recent Articles
- TeskaLabs helps LINET with cyber security compliance for medical devices
- TeskaLabs and University hospital in Pilsen launches a pilot of zScanner - open source mobile app for medical photo documentation
- EV Charging Station security demonstrator
- Five Ways AI And Machine Learning Can Enhance Cybersecurity Strategy
- C-ITS ITS-S Security microservice
You Might Be Interested in Reading These Articles
The year 2018 will, at least in Europe, be a turning point for data privacy and personal information protection. In this article, I will focus on personal data processing. I describe methods of de-identification of personal data, such as pseudonymization, anonymization, and encryption.
Published on November 28, 2017
Artificial Intelligence (AI) and its essential component machine learning are causing a stir in practically every industry from marketing to education. It’s no wonder designers and tech developers are finding ways to use the benefits of automated technologies to improve cybersecurity infrastructure and defend against increasingly complex and numerous cyber threats.
Published on June 24, 2020
zScanner is a mobile application for clinical and medical photo documentation. zScanner enables doctors to take photos of patient medical records, and of injuries of the patients, and upload them to a hospital information system. zScanner is an application developed and used by IKEM, a major Czech hospital, and the largest center of clinical and experimental medicine in the Czech Republic.
Published on May 12, 2019