Personal Data De-identification: Data Encryption
The GDPR is a much-discussed set of regulations about to come into effect. It is intended to give European Union citizens better control over how organizations use their personal information, and it establishes a baseline of personal rights and data protection for everyone residing in the EU.
Among its requirements, organizations must inform individuals about how their personal data is processed, and they must justify why they collect and store every kind of data they process. If an organization cannot show a genuine business need for keeping a piece of data, that data has to be deleted.
The EU Parliament adopted the regulation in April 2016, but it applies only from 25 May 2018, and companies are hurrying to ensure they are compliant because failing to do so will prove costly. It is not only companies located in the EU that are affected.
The regulation's territorial scope reaches organizations outside the EU that process the personal data of people residing within the Union. While there is debate over how far such requirements can be enforced against non-EU companies and websites, many are taking early action in response to the possibility.
Regardless, becoming GDPR compliant is no easy feat, and the penalties for noncompliance are serious: an organization that fails to meet the requirements can face fines of up to 20 million euros (about $25 million) or 4% of its global annual turnover, whichever is greater. That is strong motivation to pursue compliance wherever your company is located, but preparing for the regulation also benefits the company itself.
Becoming GDPR compliant forces your company to understand its internal data processes: what information it holds, what it is used for, where it is stored, how long it is kept, and how it is protected.
Data Encryption for GDPR
Data encryption is a critical part of GDPR compliance, although the regulation contains no explicit encryption requirement. It states only that organizations must implement safeguards appropriate to the risk for all personal data they handle, and it names pseudonymization and encryption as examples of "appropriate technical and organizational measures" (Article 32).
Encryption is a powerful security technique that transforms readable data (plaintext) into an unintelligible form (ciphertext) in a way that only authorized parties can reverse. Unauthorized parties may obtain the ciphertext, but they cannot read it. The transformation is performed by an encryption algorithm driven by one or more cryptographic keys; a key is a string of random bits (typically 128 or 256 of them), not a password chosen by a person, and it must be kept secret from everyone who is not allowed to read the data.
Ciphertext is safe to store or transmit because it reveals nothing about the plaintext without the corresponding key: to an attacker it is indistinguishable from random bytes. Only a party holding the decryption key (the same key in symmetric encryption, the matching private key in public-key encryption) can turn the ciphertext back into readable plaintext. Because encryption renders a set of information unreadable, and therefore useless, to anyone without a valid key, it greatly limits the damage your company suffers if a data breach ever occurs.
The GDPR requires organizations to report a personal data breach to the supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals (Article 33), and to inform the affected individuals themselves when the breach is likely to result in a high risk to them (Article 34). Encryption changes the second obligation: if the leaked data was rendered unintelligible to anyone not authorized to access it, for example by encryption, and the keys were not compromised, the individuals do not have to be notified (Article 34(3)(a)). The reasoning is simple: ciphertext without its key carries no personal data, so no information has truly been leaked. Two caveats apply. The report to the authority is still due, and the exemption is only as strong as your key management: a breach that also exposes the keys, or an attacker who uses stolen credentials to make your own systems decrypt the data, gains nothing from encryption at rest.
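As a concrete illustration of the two points above (the key holder can read the data, nobody else can, and a leaked ciphertext without its key carries no personal data), here is an added example in Go. It is not code from the original article or from TeskaLabs. It encrypts one personal-data record with AES-256-GCM from the Go standard library; the `Record` type, the `subject-0042` identifier and the JSON fields are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is one stored personal-data row (constructed for this example):
// the subject identifier stays in the clear so the row can be looked up,
// the sensitive fields are kept only as ciphertext. The key is deliberately
// not part of the record; it lives in a separate key store.
type Record struct {
	SubjectID  string
	Nonce      []byte
	Ciphertext []byte // includes the 16-byte GCM authentication tag
}

// NewKey returns a fresh random 256-bit AES key.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under key with a random 96-bit nonce.
// The subject ID is passed as associated data: it is authenticated but not
// encrypted, so a ciphertext copied into another subject's row will not open.
func Encrypt(key []byte, subjectID string, plaintext []byte) (Record, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(subjectID))
	return Record{SubjectID: subjectID, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt opens a record. It fails for a wrong key, a modified ciphertext,
// or a ciphertext that was moved to a different subject ID.
func Decrypt(key []byte, r Record) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, r.Nonce, r.Ciphertext, []byte(r.SubjectID))
	if err != nil {
		return nil, errors.New("decryption failed: wrong key or tampered record")
	}
	return pt, nil
}

func main() {
	key, _ := NewKey()
	// Constructed sample record: this is what a leaked database row would contain.
	rec, _ := Encrypt(key, "subject-0042", []byte(`{"name":"Jane Doe","dob":"1984-02-29"}`))
	fmt.Printf("stored row: id=%s nonce=%s ct=%s\n",
		rec.SubjectID, hex.EncodeToString(rec.Nonce), hex.EncodeToString(rec.Ciphertext))

	pt, err := Decrypt(key, rec)
	fmt.Printf("with the key:   %s (err=%v)\n", pt, err)

	other, _ := NewKey() // an attacker guessing or using a different key
	_, err = Decrypt(other, rec)
	fmt.Printf("wrong key:      err=%v\n", err)

	moved := rec // same ciphertext placed in another subject's row
	moved.SubjectID = "subject-0043"
	_, err = Decrypt(key, moved)
	fmt.Printf("moved row:      err=%v\n", err)
}
```

Decryption fails on a wrong key, on a modified ciphertext and on a ciphertext copied into another subject's row, because GCM authenticates both the ciphertext and the subject ID passed as associated data. The key is kept out of the `Record` on purpose: the Article 34 exemption only holds if the keys were not compromised together with the data, so in a real deployment the key belongs in a separate key store or HSM and the database holds only nonce and ciphertext. Random 96-bit nonces are safe only while the number of records encrypted under one key stays far below 2^32; beyond that, rotate keys.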
In conclusion, combined with other measures, data encryption is highly effective at keeping your organization GDPR compliant: it limits the harm a data breach can do and, with it, your exposure to expensive noncompliance fines and penalties.