As a business owner, you will likely be aware of General Data Protection Regulation (GDPR) rules and that the Information Commissioner’s Office (ICO) can award large fines for any breaches. One of the main principles of the GDPR is to secure and safeguard personal data from theft, misuse and unauthorised access. Accordingly, an increasing number of business owners are turning to encryption technology to enable them to do so. This article will explore the security advantages of encryption and how your business can protect valuable and sensitive data through an encryption system.
What is Encryption?
Encryption is a mathematical system that encodes information so only authorised personnel with a decryption key can access it.
There are two main types of readily-available encryption today:
- symmetric encryption: this uses the same key to encrypt and decrypt data; and
- asymmetric encryption: this uses different keys to encrypt and decrypt data.
Both are secure methods of scrambling data so unauthorised users will see jumbled code rather than the actual wording. Encryption is widely considered to be more secure than a password system.
What Are Encryption Keys?
Encryption keys are pieces of code that ‘lock’ and ‘unlock’ encrypted data. In essence, they are lengthy, randomly selected passcodes that the system uses to translate the scrambled data back into its original form. They are similar to the lock on a safe. The lock itself will not work without the correct combination because the relevant levers will fail to intersect and create inner contact. Most encryption programs will give you a choice as to how long you wish the encryption key to be.
Importance of Encryption Software Choice
It is essential to pick a robust and trusted piece of software. There are currently two major sets of encryption standards that you should aim to meet: FIPS 140-2 and FIPS 197. You should only use software that meets the minimum requirements of these encryption standards. Encryption methods and software can be slightly complex, so it is worth consulting the National Cyber Security Centre (NCSC).
Losing the Encryption Key
Unfortunately, losing the encryption key is one of the potential issues with encryption. The more secure you make a piece of information, the less likely you will be able to brute force your way back inside if you lose the key. After all, the point of encryption is that absent the key, no one can access that data.
The media brought the perils of losing encryption keys into the public eye through the story of James Howells, who threw away a hard drive containing encryption keys for bitcoin. Years later, Mr Howells calculated that the encryption keys would allow him to access £150m in bitcoin. Nevertheless, without the original hard drive, he could not access it and recover the money. Accordingly, it is vital to store encryption keys securely, as the consequences of their loss can be substantial.
GDPR on Data Encryption
The ICO encourages encrypting personal data, as it makes the information more secure from cybercriminals. However, as with house locks, which remain susceptible to a locksmith and their tools, encryption methods are not infallible. Thus, it is worth keeping other safeguards in place. This includes, for example, password-protecting both USB sticks and relevant email attachments.
Key Takeaways
The ICO confirms that using encryption algorithms effectively protects against the unauthorised use of personal data. In this way, it will give merit to any business that sensibly uses encrypted content. For peace of mind, some business owners obtain specialist advice from data protection lawyers before implementing encryption solutions.
If you need help utilising encryption to comply with the GDPR, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
The main reason is that cyber criminals and unauthorised users can attempt to ‘crack’ a password by brute forcing multiple passwords. In contrast, encryption is viewed as an appropriate safeguard because secure encryption keys are nearly impossible to crack.
Alongside the storage of sensitive information, encryption can also help online safety by assisting international data transfers. For example, some software (including WhatsApp) has end-to-end encryption. End-to-end encryption means that only the sender and receiver have the appropriate encryption keys, so any interception of the message by someone else will read as random symbols.