For the EU’s new data protection regulation, encryption should be the default option – and should be seen as a strategic partof the entire security system
Data breaches have become an everyday occurrence and numerous well-known organisations have been named and shamed, denting their reputations and wreaking financial damage. But any organisation, whatever its size or line of business, can be a target. Every organisation has some form of sensitive data such as financial records, customer details and employee information that is highly prized by criminals and the vast majority of organisations rely on technology to run their business. Technology, especially the use of disruptive technologies such as big data and cloud-based services, provides for greater productivity, flexibility and improved information access. But it also increases the chances that sensitive information can be inappropriately accessed, lost or stolen.
As well as this, there are many regulations and industry standards that require that stringent safeguards are applied to personal and sensitive data. Of these, the EU data protection rules affect many organisations. Now, they are set to get tougher, with higher sanctions available for non-compliance and affecting a wider range of organisations than previously.
This document discusses the changes being made to the European data protection landscape and suggests that encryption should be the default choice for protecting data. However, this should just be part of the overall data security strategy, which must be comprehensive and consistent.