Encrypting customer data
"I want to understand whether, as per GDPR compliance, we need to encrypt customer data while storing it in the database?"
Encryption is considered a good security measure under article 32 GDPR paragraph 1 letter a, so it is highly recommended when feasible. The Regulation, in fact, leaves it up to the Data Controller to decide if the measure is appropriate to the risk for the rights and freedoms of natural persons, considering the state of the art and the cost of implementation as well as the nature, scope, and purposes of the processing.
Whatever the choice will be, consider the accountability principle and explain in your internal policy why the data controller adopted such a measure or not.
You can find more information here:
EU GDPR controller vs. processor – What are the differences?: https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
The obligations of controllers towards Data Protection Authorities according to GDPR: https://advisera.com/eugdpracademy/blog/2017/12/11/the-obligations-of-controllers-towards-data-protection-authorities-according-to-gdpr/
How cybersecurity solutions can help with GDPR compliance: https://advisera.com/eugdpracademy/blog/2017/11/27/how-cybersecurity-solutions-can-help-with-gdpr-compliance/
You can also find some useful information in our free online GDPR Foundation Course: https://advisera.com/training/eu-gdpr-foundations-course//
Mar 16, 2020