The GDPR specifically cites encryption as the leading tool to use, primarily pseudonymization, or the processing of personal data in such a way that it cannot be linked back to a data subject without additional information.
Say, for instance, that your Cloud service provider is breached, putting all of its customers’ data at risk. If your organization can prove that your data is safe because it is encrypted and you only control the encryption keys and not the breached party, then there may be no need to notify your own customers or incur fines. However, if the breached Cloud service provider has also access to the encryption keys to its customer’s data, then there is reasonable doubt that hackers could have accessed the data.
Well, this is where eperi Cloud Data Protection comes in: eperi leverages the principles of GDPR specifications for ‘Centralization’ and ‘Privacy by Design’ to implement a transparent data control layer allowing your organization to enforce data protection compliance via a single point of architectural control prior to sensitive data being stored or processed in Cloud services such as Office 365, Salesforce, ServiceNow, etc.