GDPR and SSL certificate. Is encryption necessary for compliance with the GDPR?

18-05-2018 15:47:40

The General Data Protection Regulation (GDPR) is a 99-article regulation meant to protect the personal data of Europeans in IT systems. Announced in 2016, it covers a broad variety of topics and becomes an enforceable requirement on May 25, 2018. GDPR applies to any company doing business in Europe, even if it is located elsewhere.

GDPR has clear requirements that can only be addressed through the use of SSL certificates, though it does not contain any specific section on the use of SSL. Article 32 of the regulation ("Security") begins this way:

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  1. the pseudonymisation and encryption of personal data;
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; [...]

In other words, GDPR states that regulated information must be protected with "appropriate technical and organisational measures," including encryption of personal data and the ability to ensure the ongoing confidentiality of systems and services.

If you're putting all your site pages under https and using certificates to authenticate and encrypt communications between internal systems, you're meeting the GDPR requirements for that component of data protection. And if you're not, you should be doing so anyway in order to protect your customers, protect your own business, and save yourself from unprecedented penalties of up to 20 million Euro.
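What the two halves of that sentence look like in practice is shown below: the weak setup (personal data submitted to a site served over plain HTTP) next to a configuration that sends every request to HTTPS, enables only current TLS versions, and protects an internal API with mutual certificate authentication. This is an added example written for this post, not configuration from the original article. It assumes nginx, the hypothetical hosts www.example.com and api.internal.example.com, and placeholder certificate paths under /etc/ssl/example/.

```nginx
# Added example (not from the original post). Assumes nginx serving the
# hypothetical host www.example.com; all /etc/ssl/example/ paths are placeholders.

# --- Weak: the site is reachable over plain HTTP, so names, e-mail addresses and
# --- anything else typed into a form cross the network unencrypted.
server {
    listen 80;
    server_name www.example.com;
    root /var/www/example;
}

# --- Corrected, part 1: port 80 does nothing but redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}

# --- Corrected, part 2: every page served under HTTPS with a publicly trusted certificate.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;
    root /var/www/example;

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # leaf certificate + intermediates
    ssl_certificate_key /etc/ssl/example/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;        # SSLv3, TLS 1.0 and 1.1 stay disabled
    ssl_prefer_server_ciphers off;        # modern clients choose from this safe set
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_session_timeout 1d;
    ssl_session_cache shared:TLS:10m;
    ssl_session_tickets off;

    # Browsers that have seen this header refuse to fall back to http:// for the host.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
}

# --- Corrected, part 3: an internal API called by other systems. Both sides present
# --- certificates: the server proves its identity as above, and the client must hold
# --- a certificate issued by the internal CA (mutual TLS) before any request is served.
server {
    listen 8443 ssl;
    server_name api.internal.example.com;   # hypothetical internal host name

    ssl_certificate         /etc/ssl/example/internal-api.pem;
    ssl_certificate_key     /etc/ssl/example/internal-api-key.pem;
    ssl_protocols           TLSv1.2 TLSv1.3;

    ssl_client_certificate  /etc/ssl/example/internal-ca.pem;  # CA that issues the client certificates
    ssl_verify_client       on;      # connections without a valid client certificate are rejected
    ssl_verify_depth        2;

    location / {
        # Hand the verified client identity to the backend instead of trusting a client-supplied header.
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:9000;
    }
}
```

The redirect-only port 80 block and the Strict-Transport-Security header together are what "all your site pages under https" means operationally: a user who types the bare host name never completes a request in clear text. The internal block shows the second half of the sentence, where a certificate is not just for encryption but is the credential that identifies the calling system.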
