GDPR has been around for two years. We’re all GDPR compliant now, aren’t we? Not really. We’ve noticed that companies are still struggling with certain misconceptions. This week, we’ll discuss three of these pitfalls. Today’s topic is GDPR misconception 2: Encryption = safety.
One of the steps a company can take to secure its digital data is using data encryption. Companies encrypt files and data to arm themselves against the catastrophic consequences of a potential data leak. Hackers can’t do much damage if all data are encrypted.
But encryption alone is not enough. A secure GDPR policy also requires other security measures. If hackers crack the encryption software’s password or PIN code, they’ll be able to decrypt and use the stolen data. That’s why additional security measures, such as two-factor authentication (e.g. a password combined with a security question), should be implemented.
Data security is also directly linked to the mindset of the people who handle data: your employees. Raising general awareness is essential: it encourages employees to make a habit of permanently removing personal data they no longer need.
To conclude, anonymisation is also a possible solution for businesses that want to store data for purposes such as marketing analysis. Anonymised personal data are still usable, but can no longer be linked to individuals.