Technical

Encryption

The process of converting data into a coded form so that only authorised parties can read it.

Encryption is a security measure that converts readable data (plaintext) into an unreadable format (ciphertext) using an algorithm and a key. Only someone with the correct decryption key can convert it back to the original form.

Types

  • Encryption at rest — protecting stored data (databases, files, backups)
  • Encryption in transit — protecting data as it moves between systems (see TLS)
  • End-to-end encryption — only the sender and recipient can read the data; the service provider cannot

Role in Data Protection

Encryption is listed in GDPR Article 32 as an appropriate technical measure to ensure the security of processing. It can also reduce the impact of a data breach — if the breached data is properly encrypted, notification to data subjects may not be required (Article 34(3)(a)).

Related Terms

Data BreachPrivacy

A security incident that leads to the unauthorized access, disclosure, or loss of personal data.

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

TLSTechnical

Transport Layer Security — the protocol that encrypts data in transit between your browser and a website (the "S" in HTTPS).

HashingTechnical

A one-way mathematical function that converts data into a fixed-length string — used for password storage and data integrity.

TokenizationTechnical

Replacing sensitive data with a non-sensitive placeholder (token) that has no exploitable value on its own.

ePrivacy Directive