Use Encryption for GDPR as a Best Practice
Although the European Union’s General Data Protection Regulation (GDPR) does not explicitly mandate data security encryption, it does require organizations to enforce the best security measures and safeguards. And there is no doubt encryption is among the top tools you can use to protect your data, whether your industry’s regulations call for it or not.
Although it stops short of a mandate, GDPR repeatedly mentions encryption and pseudonymization as appropriate technical and organizational measures for GDPR data security.
Encryption of personal data offers additional benefits for controllers and processors. If encrypted data is misplaced or a storage medium that holds encrypted personal data is lost, the incident might not be considered a data breach in terms of penalties, provided the incident is reported to the data protection authorities.
When it comes to GDPR, you don’t want to mess around – just ask Facebook. The social media behemoth is embroiled in another possible violation, this time reporting a data scrape of its platform by malicious actors in 2019 and before September 2019. Since GDPR came into application in May 2018, this is well beyond the scope of the reporting timeframe. Once again, Facebook could face a hefty fine for not complying with GDPR.
Another $5 billion fine for Facebook may not be much for the Silicon Valley types, but it could probably bring down many of the SMBs 2W Tech partners with. Don’t let GDPR or any of your other regulatory obligations bring you down. 2W Tech’s Cybersecurity Compliance Program will get you in compliance no matter the industry you’re in. Contact us today to get started.