Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

July 3, 2019 | David Bisson

It’s been more than a year since the European Union’s General Data Protection Regulation (GDPR) took effect and shifted the conversation around user privacy/information rights. In that span of time, we’ve already witnessed the new standard at work. Perhaps its most monumental show of force came in January 2019 when French data regulator CNIL fined Google 50 million euros for a breach of GDPR with respect to its advertising practices, as reported by BBC News.

Given such penalties, you would think that organizations that store EU citizens’ data, particularly those located in the European Union, would be increasing their security spending so that they’re not the next victim of a data breach. But new research from Thales reveals that’s not happening. At least not as much as it was.


In its 2019 Thales Data Threat Report European Edition, the multinational company found that the percentage of European IT decision makers (ITDMs) who expected their IT security spending to increase over the next year fell by nearly half, from 72 percent in 2018 to 41 percent a year later. Thales also found that those predicting a decrease in their security spending doubled in 2019 to 18 percent. So too did the percentage of those who thought their spending would remain the same going forward (21 percent of ITDMs in 2018 compared to 42 percent in 2019).

These findings raise a question: what’s behind this diminishing momentum for EU organizations in their GDPR compliance efforts? Thales feels the answer is that many organizations are pursuing a gradual approach to their compliance efforts. As it writes in its report:

“…They have developed consistent data security and compliance processes in order to demonstrate readiness. However, these have often been developed on a manual basis, with plenty of scope remaining to achieve compliance on an automated basis. In other words, data security and GDPR compliance are yet to become operationalized into business-as-usual.”

That’s not to say these organizations don’t have plans for the future, however. Thales’ report found that just under half of firms covered under its study support various data security technologies. Those that don’t said they have plans to implement various new technologies in support of their digital security over the next year.

Among all other security measures, file encryption, database encryption and encryption in the cloud were at the top of organizations’ to-do lists going forward. Even more specifically, Thales found that encryption of data stored at the service provider (with keys managed by the provider) as well as support for hardware security modules (HSMs) were among organizations’ top concerns for their software-as-a-service (SaaS) deployments.

These worries are actually welcome news for encryption, as many organizations currently don’t implement encryption all that much. Indeed, Thales found that just 27 percent of European organizations use encryption to secure email messages, data at rest on PCs and info stored within data centers. There’s clearly an opportunity for more EU organizations to begin using encryption.

But it’s not that simple. When this other 63 percent of organizations embrace encryption within the coming year, they need to make sure they do it right. That includes making sure they have complete visibility over their new keys and certificates. This posture is imperative for detecting potential security incidents, foiling data breaches and complying not only with GDPR but also a range of other data protection regulations that emphasize the importance of maintaining a strong security posture for encryption.


About the author

David Bisson

David is a Contributing Editor at IBM Security Intelligence. David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
