Reply To: EU GDPR

#5800

Giles

Hi Rob.

128-bit encryption is sufficient to satisfy the GDPR; however, encryption alone is not sufficient to satisfy your legal obligations.

My suggestion would be to upgrade to 256-bit sooner rather than later because it’s a future-proofed key length in legal terms. Take a look at this website, choose your country and determine your needs.

Depending upon the size of your company, you may need a designated Data Protection Officer appointed to oversee privacy matters.

You also need appropriate policies in place, evidence of information security (full disk encryption, file encryption, data loss prevention, anti-virus, firewalls etc.), evidence of staff training, audit trails and much more. Europe are getting very strict and penalties for non-compliance or breaches will be severe.

Here’s a quick and easy executive overview.