While the GDPR does not require personal data to be encrypted, many organisations rightly recognise that a properly implemented and managed corporate policy to encrypt data at rest and in transit can be extremely valuable.
Data Encryption is certainly not a silver bullet for compliance with the GDPR; for example, data will need to be decrypted for use, presenting the risk of improper access or dissemination by employees or partners. Nevertheless, encrypting your data can provide a vital second line of defence by ensuring that many types of breach will have no practical impact. And in terms of accountability, organisations may consider that any failure to take what is a relatively simple technical action might reflect badly on them in the event of a regulatory investigation.
Encrypting a single file or disk is easy even for non-technical users. Encrypting data of all kinds across hundreds of sources without impacting performance, and managing all the related keys and safeguards over time, is a major challenge.
Northdoor offers a comprehensive Data Encryption Service that simplifies the creation and management of data encryption policies across on-premises and cloud-based systems. Sensitive data can be automatically locked down, and access rights can be securely granted to employees and partners on an as-needed basis, with automatic revocation to keep data safe. The solution provides a single point of control for encryption, dramatically reducing the workload for IT personnel while improving the overall security posture.