Do you really need to use encryption to protect personal data?

Who's to know. Some argue that encryption is mandatory for businesses to protect personal data, in the other camp you will learn that it is not. So where is the truth?


To have or not to have encryption?

Although the GDPR General Regulation talks about taking appropriate technical and organisational measures, you won't read anywhere about making encryption mandatory. Why? Because it is only a recommendation, not an obligation.

If you are in business, you should take into account the risks involved in processing personal data. These include the destruction, loss, alteration, unauthorised disclosure of or access to such data. Encryption is recommended as one of the appropriate preventive measures.

What if I don't want to encrypt?

There are obviously many more options to ensure the level of security. You can also use other tools such as pseudonymizing personal data, restricting access rights to data, implementing regular testing and evaluation of the technical measures used.

The decision is up to you and your capabilities, but be sure not to be swayed by tales like One Lady Told.

If you want advice on how to ensure security and be fully GDPR compliant, get in touch. We'll be happy to help you find a solution that works for you.