
Use encryption to meet the GDPR!

Maybe you have noticed it: privacy is an issue. That is a bit strange, since there are only 4 days left until the new EU General Data Protection Regulation (GDPR) becomes fully enforceable throughout the European Union.

So before the end of May 2018, all organizations that process data of EU citizens must comply with the GDPR. Determining how to design and improve your systems to meet the GDPR is not straightforward. But using encryption makes it simpler to process and handle personal information that must not be exposed.

Encryption software helps to protect personal information. But secure encryption software is hard to make, and it can be hard to use. The largest, most experienced and deepest-pocketed software developers in the world, both commercial and open source, are constantly patching security vulnerabilities in software that has been in the wild and hardened over many years. It is arguably implausible for the developers of a particular system to invent and deliver a security solution that is as good as or better than an off-the-shelf solution. Add to that the need to document fully and clearly how the custom security solution works, so that maintainers and new developers can comprehend, maintain and extend it, plus the cost of training those people.

In general, using encryption helps to protect privacy information in two ways:

  • For data at rest: this includes all privacy information, so-called storage objects, that exists on physical media in all forms, e.g. magnetic, optical disk, SSD, etc.
  • For data in transit: when personal data is being transferred between systems, system components or programs, such as over the network, through internal APIs or across a service bus. So all data that is ‘in motion’.

But never ever develop your own encryption algorithms. We know it is fun, improves learning and makes you an excellent hacker. However, the barrier to developing a good encryption algorithm is very high.
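An added example, not the author's code: protecting the personal fields of a record at rest with an off-the-shelf authenticated-encryption recipe (Fernet) instead of a home-made cipher, including key rotation and detection of a wrong key or modified data. It assumes the third-party `cryptography` package is installed; the record, the field names and the helper functions are constructed for illustration.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet

# Fields treated as personal data in this constructed record (assumption).
PERSONAL_FIELDS = ("name", "email")


def encrypt_record(record, fernet):
    """Return a copy of record with its personal fields replaced by Fernet tokens."""
    out = dict(record)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = fernet.encrypt(out[field].encode("utf-8")).decode("ascii")
    return out


def decrypt_record(stored, fernet):
    """Reverse encrypt_record; raises InvalidToken on a wrong key or modified token."""
    out = dict(stored)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = fernet.decrypt(out[field].encode("ascii")).decode("utf-8")
    return out


def rotate_record(stored, multi):
    """Re-encrypt personal fields under the first (newest) key of a MultiFernet."""
    out = dict(stored)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = multi.rotate(out[field].encode("ascii")).decode("ascii")
    return out


def is_unreadable(stored, fernet):
    """True when the stored tokens fail authentication under this key."""
    try:
        decrypt_record(stored, fernet)
        return False
    except InvalidToken:
        return True


if __name__ == "__main__":
    old, new = Fernet(Fernet.generate_key()), Fernet(Fernet.generate_key())
    record = {"id": 17, "name": "Jane Example", "email": "jane@example.org"}
    stored = encrypt_record(record, old)           # what goes to disk
    rotated = rotate_record(stored, MultiFernet([new, old]))
    print(stored["email"][:24] + "...", decrypt_record(rotated, new) == record)
```

In a real system the keys live outside the data store (for example in a key management service), otherwise encryption at rest protects nothing once the store is copied.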

If you are interested in some SIMPLE Python encryption examples, based on proven Python encryption algorithms, just check this Jupyter Notebook!

This blog post will be added (after a rewrite) as an extension to the ‘Open Reference Architecture for Security and Privacy’. We are working on a renewed version. Please join us!