Encryption

You are here:
< Back

Encryption is the process of encoding a message or information in such a way that only authorised parties can access it and those who are not authorised cannot.   Authorisation is often provided in the form of an alphanumerical decryption key, which can be of different lengths, often measured in ‘bits’.  A 256 bit encryption key is often considered to be robust. 

Encryption denies the intelligible content to an unauthorised individual, but in principle it is possible to decrypt the message without possessing the key.  Therefore encrypted data, like pseudonymised data is still considered to be in scope of GDPR but is again considered to be a good ‘technical or organisational measure’.

This article can be read in conjunction with the anonymisation & pseudonymisation articles

Previous Derogations
Next High Risk Assessment
Table of Contents