Who is required to encrypt?
With the new GDPR (General Data Protection Regulation of the EU) companies are not the only ones who must encrypt data. This new law also requires individuals, professionals, and organizations to start encrypting.
But let’s take it step by step: what does Coding or Encrypting mean? These two words are synonymous and indicate a more or less complex process whose purpose is to hide the meaning of information from those who do not know the key, so that it can later be transformed back into something intelligible.
Just to give you an idea of how many regulations address the subject, I have included below a list of standards for companies and individuals (in Spain).
- GDPR
- LOPD
- RLOPD (Organic Law on Data Protection and its Development Regulation) for companies, the self-employed and individuals (in the event that the use strictly exceeds private and family activities) (Art. 101 and Art. 104)
- Patient Autonomy Law (Art 7.1)
- Law on the Prevention of Money Laundering (Art. 32)
- Public Administrations, National Security Scheme in Electronic Administration
- Deontological Code of the Spanish Lawyers (Art. 4)
This implies another very important list: those who must encrypt the sensitive data they manage (non-exhaustive example list).
- Public administrations
- Financial Institutions and Insurance Companies
- Law Firms
- Psychologists, Psychoanalysts, Psychotherapists
- Account Auditors
- Hospitals and clinics
- Notaries
- Individuals who do not use personal data only and strictly for private or family purposes.
We must be careful with the common assumption that, if no company or self-employed person is involved, the LOPD does not have to be applied. A clear example is when we publish sensitive data, such as photos of minors or personal data, in Facebook groups or in spaces where we do not even know all the participants. This habitual action is considered a violation, because the purpose is not strictly family-related or private, even if the group has no lucrative purpose (Decree 5/2009 of the EU working group).
The growing importance of Encryption – A bit of history
From Julius Caesar’s transmissions of war plans, through the famous Enigma code of Nazi Germany (secretly deciphered by the English in World War II), to today’s modern computers, Encryption has evolved surprisingly, to the point that today it is not only recommended by the new EU regulation on data protection, but in some cases it’s even mandatory for companies or private entities.
The danger posed by the lack of protection of personal data has become increasingly important globally in recent years. As a result, the EU has been one of the first institutions in the world to begin a broad policy development, although it is far from being completed.
In this new era of shared global information, Encryption has reemerged as an important and powerful instrument well outside the military, intelligence, and defense spheres.
So, if we strongly encrypt sensitive information, then even if someone intercepts or steals it, and regardless of whether we know about it or not, the alleged thief will not be able to cause any damage, since they do not know the password needed to return to the intelligible content.
There are many types of Encryption, but here we will only deal with those that are considered strong and that comply with the European regulations, such as AES256 encryption, which Certifydoc uses for its Encryption.
We simply need to choose a keyword, and the AES256 encryption algorithm will produce an unintelligible file from any source file. Without our keyword to Decrypt or Decode it, the information will be useless and will stay hidden for a long time.
How to Encrypt free online without registration and doing so anonymously
Certifydoc offers a free, powerful Encryption service according to the EU regulations, directly from the user’s device, without requiring the documents to “travel”, without any registration and anonymously, using only the most common browsers and the Open Source* AES256 library.
* Open Source: free and with source code controlled by everyone
In addition, if the objective is to encrypt and also certify the documents with a date certain and integrity, whether photos or videos, Certifydoc provides the strong AES256 encryption option directly during your certification process; watch the video tutorial without registering.
Encryption sources in the GDPR
Before finishing, I would like to quickly mention the most important new sources indicating where it is appropriate, and indeed mandatory, to Encrypt data in the EU GDPR, precisely in Art. 6.4(e) + Art. 32.1(a) + Art. 34.3(a) + Consideration 83.
Conclusions
– The new GDPR (General Data Protection Regulation of the EU) requires not only companies to encrypt but also individuals, professionals, and organizations.
– Sensitive information that is Encrypted in a strong way will not, even if stolen, cause any harm de facto.
– Certifydoc offers a free strong encryption service according to EU regulations directly from its website, without any registration, in a totally anonymous way and without the files having to leave the user’s device.
– Example of groups that are required to Encrypt:
- Financial Institutions and Insurance Companies
- Law Firms
- Psychologists, Psychoanalysts, Psychotherapists
- Account Auditors
- Hospitals and clinics
- Notaries
- Individuals who do not use personal data only and strictly for private or family purposes.
Mario Scalabrino