What is Encryption?

Encryption is an added security measure. It involves converting human-readable data to ciphertext. This is so that it cannot be read by those who are not the intended recipients of the data. Only those with the key to decrypt the data can convert it back to plaintext. Decryption is the process of unscrambling encrypted data. 

What Types of Encryptions are There?

There are two main categories of encryption – symmetrical and asymmetrical. Symmetrical encryption means that the same key is used to encrypt and decrypt the data, whereas asymmetrical encryption uses a separate key for encryption (the “public key”) and decryption (the “private key”). The public key can be shared with anyone you need to communicate with, hence the name.  

The most common protocol for online encryption is Transport Layer Security (TLS); this uses an asymmetrical encryption to create a shared secret key without it being visible to outsiders, even if they can intercept the exchange, then uses the shared key as symmetric encryption for the session data. Websites that use this protocol are said to use HTTPS (Hypertext Transfer Protocol Secure). The URL of these sites will usually either begin with https:// rather than http:// or display a padlock symbol in the URL bar to show that the site is secure. 

How can Encryption Benefit Businesses?

  • Security: Encryption adds an extra layer of security to data processing activities. It helps to prevent data breaches as in the event of a device being lost or stolen, the data on the device will still be secured. Encrypted communications allow to exchange of data without the data being leaked. 
  • Privacy: Encryption prevents sensitive data being accessed by those other than the rightful owner or those who have been given explicit permission to access it. It can prevent interception from attackers, advertising networks and even governments. 
  • Integrity: Encryption also prevents malicious interference or tampering with data. 
  • Compliance: Under the GDPR, although there is no explicit requirement to implement encryption, according to Article 32, controllers and processors “shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk” and included encryption as an appropriate measure. 
  • Consumer Trust: Given the advances in technology and hence increased interest in data privacy, encryption is a measure many consumers are now more appreciative of. This can lead to a competitive advantage for businesses that implement encryption. 
  • Search Engine Improvement: Most of the search engines rank downwards websites that do not require encryption. 

What Options are Available for Businesses? 

As there are different types of encryptions which may be used, businesses should consider the risk level of their data processing activities when deciding which kind to use. At HewardMills, we have cyber security experts who can work with businesses to explore available options and identify their needs. 

If you would like to discuss this topic or anything else data protection and privacy-related, please contact us at dpo@hewardmills.com.