The EU’s General Data Protection Regulation (GDPR) enters into force on 25 May 2018. It stipulates that personal data relating to EU citizens must be protected. The GDPR also applies to companies operating outside the EU that hold data on EU citizens. Anyone failing to comply with the provisions on data protection risks a heavy fine.
Two kinds of measures are required to ensure compliance with the GDPR:
- Organizational measures
- Technical measures
Companies are advised to appoint an internal data protection officer, who will help them to review their processes and to structure and classify their data. This is the first step.
They must then protect data that come under the GDPR against unauthorized access.
Essential measures: encryption and HSM
The measure explicitly mentioned in the GDPR for protecting data is encryption. It is important to note here that the encryption keys themselves must also be protected, otherwise it is no better than locking your front door and then leaving the key on the doorstep so anyone can get in. To prevent a situation like this, encryption keys should be stored on a dedicated device known as a hardware security module (HSM). Primus Hardware Security Modules from Securosys are ideal for this purpose because they can easily be integrated into any environment. There is an alternative for companies that do not have the time or capacity to select and implement their own HSM: HSM as a Service with Securosys Clouds HSM.
For further information on HSM contact us
Articles on this topic:
Encrypting your database and storing the keys on an HSM is the best way to protect your data. Even if the database is stolen, the thieves will not be able to access the data because the encryption keys cannot be extracted from the HSM. There are three options for encrypting your database: Transparent Data Encryption (TDE), a database encryption proxy, or encryption of data sets in the processing application. Our story explains which database encryption method is most suitable for GDPR in a variety of scenarios.
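The third option above, encryption inside the processing application, is easiest to reason about in code. The following Go program is an added example written for this page; it is not Securosys or partner code and does not talk to a real Primus HSM. `SimulatedHSM` is an assumed stand-in whose key-encryption key (KEK) never leaves the struct, mirroring the property that keys cannot be extracted from an HSM. Each record gets its own data-encryption key (DEK), the DEK is wrapped by the "HSM" and stored beside the ciphertext, and a copy of the database presented to a different HSM cannot be decrypted. The customer record and IDs are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// SimulatedHSM is an assumed stand-in for a hardware security module.
// The KEK is private to the struct: callers may only wrap or unwrap DEKs.
type SimulatedHSM struct {
	kek []byte // on a real HSM this would sit in tamper-resistant hardware
}

// NewSimulatedHSM generates a fresh random 256-bit KEK.
func NewSimulatedHSM() (*SimulatedHSM, error) {
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	return &SimulatedHSM{kek: kek}, nil
}

// sealGCM encrypts with AES-256-GCM; the random nonce is prepended to the output.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openGCM reverses sealGCM and fails on any tampering with ciphertext or AAD.
func openGCM(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// WrapDEK encrypts a DEK under the KEK; the result is safe to store in the database.
func (h *SimulatedHSM) WrapDEK(dek []byte) ([]byte, error) {
	return sealGCM(h.kek, dek, []byte("dek-wrap"))
}

// UnwrapDEK recovers a DEK; only a device holding the same KEK can succeed.
func (h *SimulatedHSM) UnwrapDEK(wrapped []byte) ([]byte, error) {
	return openGCM(h.kek, wrapped, []byte("dek-wrap"))
}

// Record is what the database row actually holds: no plaintext, no raw key.
type Record struct {
	ID         string
	Ciphertext []byte
	WrappedDEK []byte
}

// EncryptField encrypts one field with a per-record DEK, binding the record ID
// as associated data so a ciphertext cannot be moved to another row.
func EncryptField(h *SimulatedHSM, id string, plaintext []byte) (Record, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return Record{}, err
	}
	ct, err := sealGCM(dek, plaintext, []byte(id))
	if err != nil {
		return Record{}, err
	}
	wrapped, err := h.WrapDEK(dek)
	if err != nil {
		return Record{}, err
	}
	return Record{ID: id, Ciphertext: ct, WrappedDEK: wrapped}, nil
}

// DecryptField needs the HSM to unwrap the DEK before the field can be read.
func DecryptField(h *SimulatedHSM, r Record) ([]byte, error) {
	dek, err := h.UnwrapDEK(r.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed (wrong or missing HSM): %w", err)
	}
	return openGCM(dek, r.Ciphertext, []byte(r.ID))
}

func main() {
	hsm, _ := NewSimulatedHSM()
	rec, _ := EncryptField(hsm, "customer-42", []byte("Jane Doe, jane@example.com")) // constructed sample
	pt, _ := DecryptField(hsm, rec)
	fmt.Printf("decrypted with the right HSM: %s\n", pt)

	// A stolen copy of the database presented to a different HSM yields nothing.
	other, _ := NewSimulatedHSM()
	if _, err := DecryptField(other, rec); err != nil {
		fmt.Println("stolen copy without the KEK:", err)
	}
}
```

The design point is that the database stores only ciphertext and wrapped DEKs, so a dump of the tables is useless on its own; in production the `WrapDEK`/`UnwrapDEK` calls would be replaced by PKCS#11 or JCE calls to the HSM, and the KEK would never be generated in application memory at all.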
Protecting an Oracle environment requires a Securosys Primus HSM together with a supporting library implementing the standard interfaces such as Microsoft Cryptographic Service Provider (MS CNG), Java JCE and PKCS#11. Data are encrypted and decrypted using Transparent Data Encryption (TDE). The installation and benefits of this solution are described by Marcel Suter of our partner firm libC Technologies SA in a solution brief.