The world looks to Denmark for strong leadership in encryption


The four core pillars of GDPR are: citizen rights to their data; incident response; pseudo-anonymity; and encryption. Most countries of the world, though, are still struggling with these things, especially when it comes to encryption. But one country in the world … Denmark … has decided that enough is enough and has mandated encryption.

Denmark has taken Article 9 of the GDPR (‘processing of special categories of personal data’) and made it mandatory to encrypt sensitive data. For me, this type of approach MUST be applied in every country which complies with GDPR, and it should scale across both the public and the private sector. In Denmark this will apply to any organisation which does business in Denmark, or will relate to any Danish citizen. While it only relates to data in transit — such as using TLS sessions — it shows a move towards encryption-by-default.

Encrypting email

From 1 January 2019, companies in Denmark also have to make sure that all sensitive emails are encrypted with end-to-end encryption (complying fully with Article 9 of GDPR). In this way, not even system administrators will be able to read users’ emails.

And so for an email system which has existed for over 40 years, it is quite shocking that we are only now…

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
