Forums Community EU GDPR

This topic contains 4 replies, has 2 voices, and was last updated by  Svante 7 years, 1 month ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • March 23, 2017 at 14:56 #5799 Reply

    Rob

    Hello, is the paid 256bit encryption accepted by the up and coming GDPR as sufficient to protect customer/personal data?

     

    thanks

    rob

    March 23, 2017 at 15:08 #5800 Reply

    Giles

    Hi Rob.

    128-bit encryption is sufficient to satisfy the GDPR however encryption alone is not sufficient to satisfy your legal obligations.

    My suggestion would be to upgrade to 256-bit sooner rather than later because it’s a future-proofed key length in legal terms. Take a look at this website, choose your country and determine your needs.

    Depending upon the size of your company you may need a designated Data Protection Office appointed to oversee privacy matters.

    You also need appropriate policies in place, evidence of information security (full disk encryption, file encryption, data loss prevention, anti-virus, firewalls etc.), evidence of staff training, audit trails and much more. Europe are getting very strict and penalties for non-compliance or breaches will be severe.

    Here’s a quick and easy executive overview.

    March 23, 2017 at 15:11 #5801 Reply

    Giles

    TL;DR

    The US agency NIST require a 256-bit key length to protect data from 2016-2030 (and beyond) whereas the German agency BSI require at least 128-bit to keep data safe until 2022.

    Err on the side of caution.

    March 23, 2017 at 16:39 #5802 Reply

    Rob

    excellent thanks!

     

    March 24, 2017 at 08:11 #5822 Reply

    Svante
    Spectator

    Thanks Giles!

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
Reply To: EU GDPR
Your information: