Arthur van der Wees --- article from June 1, 2017
https://vaultive.com/data-control/
Quote:
ENCRYPTION
Encrypting data and maintaining the encryption keys on site would not have spared an organization from falling victim to such an attack. However, it would enable the exposure to be significantly reduced. This would allow an organization to convey with confidence that, by maintaining the original encryption keys on-premises, they were in complete control of the data, even when it was encrypted by the attackers using another set of keys.
ACCOUNTABILITY
The GDPR is aimed to give data control back to the data subjects. Encryption is mentioned four times in the GDPR, which will enter into force within one year, on 25 May 2018. It is explicitly mentioned as an example of a security measure component that enables data controllers and data processors to meet the appropriate level of state-of-the-art security measures as set forth in Article 32 of the GDPR. In real-life examples, such as WannaCry and similar ransomware hacks, it can also make the difference between control and loss of data, and the associated loss of trust and reputation.
The GDPR is not about being compliant but about being accountable and ensuring up-to-date levels of protection by having layers of data protection and security in place to meet the appropriate dynamic accountability formula set forth in the GDPR. Continuously.
So, encryption can not only save embarrassing moments and loss of control after the ransomware or similar attacks, but it can also help organisations to keep data appropriately secure and therefore accountable.