Forums Community EU GDPR

This topic contains 4 replies, has 2 voices, and was last updated by  Svante 7 years, 8 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #5799 Reply

    Rob

    Hello, is the paid 256bit encryption accepted by the up and coming GDPR as sufficient to protect customer/personal data?

     

    thanks

    rob

    #5800 Reply

    Giles

    Hi Rob.

    128-bit encryption is sufficient to satisfy the GDPR however encryption alone is not sufficient to satisfy your legal obligations.

    My suggestion would be to upgrade to 256-bit sooner rather than later because it’s a future-proofed key length in legal terms. Take a look at this website, choose your country and determine your needs.

    Depending upon the size of your company you may need a designated Data Protection Office appointed to oversee privacy matters.

    You also need appropriate policies in place, evidence of information security (full disk encryption, file encryption, data loss prevention, anti-virus, firewalls etc.), evidence of staff training, audit trails and much more. Europe are getting very strict and penalties for non-compliance or breaches will be severe.

    Here’s a quick and easy executive overview.

    #5801 Reply

    Giles

    TL;DR

    The US agency NIST require a 256-bit key length to protect data from 2016-2030 (and beyond) whereas the German agency BSI require at least 128-bit to keep data safe until 2022.

    Err on the side of caution.

    #5802 Reply

    Rob

    excellent thanks!

     

    #5822 Reply

    Svante
    Spectator

    Thanks Giles!

Viewing 5 posts - 1 through 5 (of 5 total)
Reply To: EU GDPR
Your information: