The Information Commissioner has published some useful plain English guidance on Encryption and the GDPR.
The guidance sits alongside their GDPR Guidance and aims to help organisations understand the importance of encryption in the context of the GDPR’s integrity and confidentiality principle, and particularly Article 32 on security of processing.
It does this through:
- a summary of current forms of encryption and what you should consider when putting it in place, along with an outline of the residual risks
- a series of scenarios, each outlining how encryption can be used to safeguard processed data in that example and detailing some of the risks
- recommendations that encryption be used when storing or transmitting personal data because it is now widely available and at a relatively low cost
As such, it is a useful reminder of encryption basics and of what organisations need to think about when considering its use.
Read more on the ICO website.