
Evaluating Encryption and Tokenization TRUE GDPR Coverage

In Blog by admin

Encryption can presumably address personal data access minimization.
BUT CAN IT?

Encryption has taken center stage, as it has been named a proper data privacy practice alongside pseudonymization.

Encryption is the name of a family of solutions that commonly replace a given value with an encrypted value and so can presumably minimize access to personal data by Unix admins, DBAs, application users and production support – BUT CAN IT?

In this blog, I will provide a simple method to evaluate the pros and cons of the various encryption approaches available in the market today. To do that, we will position encryption/tokenization approaches on a multi-dimensional map against the following practical use case scenarios:

  1. Unix admins with root access to the database data files and archives, who are regarded as trusted (hence, if their access is abused or stolen, all data can be seen)
  2. DBA admins and developers with production database access (if their access is abused or stolen, all data can be seen)
  3. Application admins, production support with super user privileges in the applications connecting to the databases
  4. End users, accessing personal data through application screens, queries and reports

Check with your encryption vendor where its solution sits on the map:

To summarize, before choosing an encryption or pseudonymization (dynamic masking) approach, verify that you have a clear view of the GDPR coverage, implications and business effect of your choice.

Keep safe!