Applying encryption to personal data will help lower risk for companies subject to the EU's General Data Protection Regulation, Bloomberg BNA reports. According to Lowenstein Sandler Privacy and Information Security Practice Chair Mary Hildebrand, CIPP/E, CIPP/US, the concept is relatively new in the EU but has long been applied in U.S. state data breach notification laws. WilmerHale Cybersecurity, Privacy and Communications Practice Co-Chair Benjamin Powell said encryption is "frankly encouraged" and "uniformly seen as something that is best practice and should be used for sensitive data." Allen & Overy partner Peter Van Dyck added, "The long-term reputational damage a company can sustain from data breaches caused by insufficient security makes the investment in security certainly worthwhile." Editor's Note: For more information on the GDPR, check out the IAPP's 10 operational impacts of the GDPR series.
If you want to comment on this post, you need to login.