Encryption is a common solution when it comes to data security. It protects information from unwanted access, providing a safeguard against unauthorized or unlawful processing of data. Organizations processing large amounts of personal data should consider encryption alongside other measures, both technical and organizational, taking into consideration both the benefits and the risks it can offer. There are several situations when encryption is recommended, which should be carefully analyzed by data controllers. For example, e-mails are not necessarily something that should be encrypted every time. However, if certain e-mail contain sensitive personal data, encryption is definitely recommended.
Encryption will reduce risks associated with data processing since data will not be accessible without the correct key. Furthermore, encryption will help in the case of a data breach. The GDPR states authorities should be notified of any data breach within 72 hours. The individuals affected by the data breach should also be notified, unless the data is encrypted and the organization can prove there is no way for said individuals to be identified from the stolen data.