Pseudonymization, Anonymization, Encryption

Personal Data Deindetification: Data Encryption

The GDPR is a much talked about set of regulations soon to go into affect. The regulation intends to give European Union citizens better control over how organizations use their personal information. The GDPR works to establish a baseline of personal rights and data protection for all EU residents to enjoy.

Among the requirements set forth in the new regulations, organizations will soon be required to notify individuals about how they are processing a person's personal data and they also must justify their reason for collecting and storing any kind of data they process. If an organization cannot prove a direct need in their business for holding onto a piece of data, it has to be deleted it.

The EU Parliament passed these regulations in April 2016 but they are not set to go into affect until the end of May 2018, and companies are hustling to ensure they are in compliance because failure to comply will prove costly. However, it is not just companies located in the EU who will be affected by these regulations.

Parliament has suggested that all countries who deal with information of people residing within the European Union must meet these requirements. While there is debate over whether or not they can extend such regulations to non-EU based companies and websites, many are taking early action in response to this possibility.

Regardless, being in compliance with the GDPR is no easy feat and penalties for noncompliance are serious. An organization that fails to meet the requirements could face fines up to 20 million euros (about $25 million USD) or 4% of their global annual revenue, whichever is greater. Now, while this is great motivation to pursue GDPR compliance no matter where your company happens to be located, preparing for these new regulations will also prove beneficial to your company.

Being GDPR compliant will help your company better understand your internal data process. It will also give you a better sense of what information is available to you, what to do with it, where it's stored, and how long your business keeps it. In addition, you need to have a solid understanding of how your business protects such data.

Data Encryption for GDPR

Data encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures."

Encryption is a very powerful security technique that converts or encodes messages and information into unintelligible form. It does so in a way that allows only authorized parties to access it. Unauthorized parties cannot access encrypted data. Data is encrypted using software that utilizes one or more cryptographic keys. Each key is made up of a string of random characters, like letters and numbers. A key converts (encrypts) the original plaintext data into encrypted ciphertext format.

Ciphertext format is secure because it can only be read once decrypted. The encryption keys can be used to convert and decrypt cipher text back into human readable plaintext data. Since this encryption process renders a set of information unreadable and, therefore, unusable to anyone who does not have a valid cryptographic key, GDPR encryption techniques can prove very beneficial to your company if a data breach is ever to occur.

The GDPR has set a strict requirement that all organizations must notify people in the event of a data breach within just 72 hours. If you encrypt your data, however, you will not have to comply with this requirement since any "leaked data" will be totally unusable and unreadable to any unauthorized individuals who view it. The reason is simple: if the data is unintelligible outside of your organization, no information has truly been leaked.

In conclusion, data encryption can prove to be highly effective for keeping your organization in GDPR compliance in combination with other measures. Data encryption can help you avoid harmful data breaches alongside expensive noncompliance fines and penalties.

About the Author

Ales Teska

TeskaLabs’ founder and CEO, Ales Teska, is a driven innovator who proactively builds things and comes up with solutions to solve practical IT problems.




You Might Be Interested in Reading These Articles

Customer interview: Read how Prodvinalco uses TurboCat.io for a file encryption

Data encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.

Continue reading ...

gdpr data-privacy interview

Published on September 13, 2018

TeskaLabs has become a leader of Mobile Healthcare applications in the Health (in) Future Platform

Cellphone instead of a filing cabinet. Until quite recently, doctors at the IKEM hospital in Prague needed to perform photo documentation by first taking pictures with a digital camera, and then downloading and/or uploading them via a computer network to patient cards. A solution to this tedious and time-consuming practice was made possible through the use of mobile scanning technology.

Continue reading ...

healthcare data-privacy

Published on December 10, 2019

Personal Data Deindetification: Homomorphic encryption

Homomorphic encryption is a special type of encryption invented by IBM. Encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.

Continue reading ...

gdpr data-privacy

Published on June 14, 2018