The GDPR does not contain any specific rules relating to SSL certificates, BUT its requirements can only be met correctly by using one. Read below for more information:
Article 32 (Security) of the regulation begins this way:
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
What data needs protecting?
The regulation covers nearly any personal data, including PII (personally identifiable information), PHI (personal health information), web usage information, and a set of personal characteristics such as race, sexual orientation and political opinion.

The good news is that, from an SSL perspective, GDPR aligns with well-understood best practice anyway. If you make your website secure so that all of your pages load over HTTPS, using certificates to authenticate and encrypt communications between internal systems, you are meeting the GDPR requirements for that component of data protection.
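As an added example (not code from the original post), here are the two checks behind "all your pages load with https": a scanner for subresources that a page would still fetch over plain http (mixed content), and a check that a plain-http request is answered with a redirect to the https version. The host names and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make a browser fetch a subresource.
FETCH_ATTRS = {
    "script": "src", "img": "src", "iframe": "src",
    "link": "href", "source": "src", "video": "src", "audio": "src",
}

class MixedContentScanner(HTMLParser):
    """Collects subresource URLs that would be loaded over plain http."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # Resolve relative and scheme-relative (//host/...) references
                # against the page URL before looking at the scheme.
                absolute = urljoin(self.page_url, value)
                if urlsplit(absolute).scheme == "http":
                    self.insecure.append(absolute)

def find_mixed_content(page_url, html):
    """Return the list of plain-http subresources referenced by an HTTPS page."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.insecure

def redirects_to_https(status, headers, request_url):
    """True if an http:// request was answered with a redirect to an https:// URL."""
    if status not in (301, 302, 307, 308):
        return False
    target = urljoin(request_url, headers.get("Location", ""))
    return urlsplit(target).scheme == "https"

# Constructed sample page: two of the five subresources still use plain http.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example.invalid/analytics.js"></script>
</head><body>
<img src="https://static.example.invalid/logo.png">
<img src="//static.example.invalid/banner.png">
<img src="http://static.example.invalid/old.png">
</body></html>"""

if __name__ == "__main__":
    print(find_mixed_content("https://www.example.invalid/account", SAMPLE_HTML))
```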