True GDPR Compliance Should Focus on Encryption … Well Done To Denmark

I have attended so many GDPR compliance talks, and I was surprised by how few companies were talking about encryption. Much of the industry perhaps lacks a bit of leadership from cyber security professionals in pushing forward the case for end-to-end encryption.

Unfortunately, if it was left to companies such as Microsoft, we would continue on without any thought of encryption in our documents and emails. But a few countries in the world are now setting good standards with respect to GDPR.

On 1 January 2019, companies in Denmark will have to make sure that all sensitive emails are encrypted with end-to-end encryption (complying fully with Article 9 of GDPR). In this way, not even system administrators will be able to read users' emails.

And so for an email system which has existed for over 40 years, it is quite shocking that we are only now starting to take the security of emails seriously. Ask Sony about how embarrassing the leak of corporate emails can be.

The move is likely to start a wave of change across the EU, as companies adopt the leadership of Denmark. With the increase in…

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.