Data encryption is one of today's most effective tools for fighting cybercrime. But what exactly is it and how does it work? Why has it become so central since the advent of the GDPR?
Encryption is a system essentially based on cryptography, a process that uses a coding algorithm (which operates by transforming a set of characters) and a secret key-password, necessary for decoding data. Secrecy is the prerequisite for any data encryption system.
Data encryption: how does it work?
Data encryption is a transparent procedure for the user, and at the same time it protects information to a high security standard. This contributes to a decidedly higher degree of data security and protection: an encryption system is designed specifically to make a message illegible to anyone who does not hold its decoding key.
But why is encryption playing such an important role today? In the internet age, we are witnessing an unprecedented proliferation of news and information, including (and above all) sensitive information. The chances of suffering attacks or theft of information and data increase in direct proportion. For these reasons, the introduction of complex systems capable of guaranteeing a high level of data confidentiality is even more necessary and strategic. Data encryption as we know it today is still "plastic" material, constantly evolving and continually refined thanks to technological progress.
Risks and advantages of data encryption
The vulnerability of a data encryption system can mainly lie in two factors: the password and the backups.
The password is the only key that allows anyone to decipher the data; it goes without saying that it must be known only to the user. If someone came into possession of the password, they would be able to activate and deactivate the system without problems, and therefore have access to all the data. The security of the entire infrastructure would collapse like a sand castle.
The second potential problem is data backups. They too should be encrypted or, in any case, placed on an encrypted medium. In some cases, users first take care to encrypt the file system (or the storage medium) but then replicate the backup data onto other media, defeating the whole purpose.
The undisputed advantage of a data encryption system is that it raises a real barrier to protect privacy, capable of repelling even very violent attacks. This allows a level of data protection that is unmatched in the modern technological landscape.
As we said, the core of the data encryption system is the password, which allows the encrypted data to be decoded and made intelligible to the recipient. This is a crucial step: care is needed when generating the password, choosing an original one, keeping it secret and making it complex.
Modern operating systems (Windows, Mac, GNU/Linux) allow you to encrypt the file system, that is, to hide all data within the system itself (photos, videos, documents, history, e-mail). Typically, encryption can be unlocked by entering the password or access code. This is very valuable in case of theft or loss of your phone or laptop: if the data is encrypted and the person who stole the device does not know the password, they will not be able to access the contents in any way.
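The two weak points named above, the password and backup copies left unencrypted, can be handled in one step. The following script is an added example, not part of the original article: it generates a random password file and encrypts the archive before it is copied to another medium. It assumes the OpenSSL command-line tool (1.1.1 or later) and tar; the function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes OpenSSL >= 1.1.1 and tar.
# Note: `openssl enc` with AES-CBC gives confidentiality only, no integrity tag.
set -eu
umask 077                      # key file and archives readable by owner only

# new_keyfile PATH: write a random 256-bit password (base64) to PATH
new_keyfile() { openssl rand -base64 32 > "$1"; }

# encrypt_backup SRC_DIR OUT_FILE KEYFILE: archive and encrypt in one stream,
# so no plaintext archive is ever written to the backup medium
encrypt_backup() {
    tar -C "$1" -czf - . |
        openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
            -pass "file:$3" -out "$2"
}

# restore_backup IN_FILE DEST_DIR KEYFILE: returns non-zero on a wrong password
restore_backup() {
    mkdir -p "$2"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
        -pass "file:$3" -in "$1" 2>/dev/null | tar -C "$2" -xzf - 2>/dev/null
}

# roundtrip_check: uses constructed sample data; returns 0 only if all checks hold
roundtrip_check() {
    w=$(mktemp -d)
    mkdir "$w/data"
    echo "CONSTRUCTED-SAMPLE customer record" > "$w/data/clients.txt"
    new_keyfile "$w/key"; new_keyfile "$w/wrongkey"
    encrypt_backup "$w/data" "$w/backup.enc" "$w/key"
    rc=0
    # 1. the file that leaves the machine must not contain readable data
    if grep -q "CONSTRUCTED-SAMPLE" "$w/backup.enc"; then rc=1; fi
    # 2. the right password restores the original content
    restore_backup "$w/backup.enc" "$w/ok" "$w/key" || rc=1
    cmp -s "$w/data/clients.txt" "$w/ok/clients.txt" || rc=1
    # 3. a different password must not restore anything
    if restore_backup "$w/backup.enc" "$w/bad" "$w/wrongkey"; then rc=1; fi
    rm -rf "$w"
    return "$rc"
}

roundtrip_check && echo "backup round trip OK"
```

The key file must be stored separately from the backup medium; a copy of it kept next to `backup.enc` gives whoever holds the medium access to all the data.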
Data encryption at the time of the GDPR
With the entry into force of the new European regulation on the protection of personal data, cryptography has suddenly become one of the most cited, applied and feared areas of cyber security, both in public administrations and in private companies. Article 32 of the regulation is quite explicit: among the technical measures that the controller or processor must implement in order to guarantee the security of the personal data processed, the encryption of personal data is mentioned.
The GDPR itself provides that the controller (or processor) should evaluate the risks inherent in the processing and implement measures to limit them, such as encryption or "pseudonymisation", which provides that the information is kept in a form that prevents user identification.
In the GDPR, therefore, the approach is based on the concept of processing risk, underlining that it is the care and responsibility of the data controller to identify the most suitable security measures for the protection of personal data. The choice of encryption to guarantee this principle will be the result of a preventive risk assessment (the modus operandi indicated by the GDPR) and no longer of the entry into force of some decree-law.