Bespoke Tax Accountants

Specialist tax advice, accountancy and tax returns

01242 505970
info@bespoketax.com

  • Home
  • About Us
    • Meet The Team
    • Careers
    • Statutory Information
    • Privacy Policy
  • Who We Help
    • Personal and Family
    • Business
    • Our Clients
  • News
    • Making Tax Digital
  • Giving Back
  • Contact
  • Cloud Accounting
    • Xero

Security guidance on encryption and passwor

13th November 2018 By bespoketax

Security guidance on encryption and passwor

The Information Commissioner’s Office (ICO) has published updated security guidance on encryption and on passwords in online services under the GDPR.

The GDPR requires data controllers to implement appropriate technical and organisational measures to ensure they process personal data securely. Article 32 of the GDPR includes encryption as an example of an appropriate technical measure. The guidance suggests that:

  • Encryption is a widely-available measure with relatively low costs of implementation.
  • Data controllers should have an encryption policy in place that governs how and when they implement encryption, and they should also train their staff in the use and importance of encryption.
  • When storing or transmitting personal data, data controllers should use encryption and ensure that their encryption solution meets current standards.
  • Data controllers should nevertheless be aware of the residual risks of encryption and have steps in place to address these.

The ICO stresses that where unencrypted data is lost or destroyed, it is possible that it will pursue regulatory action.

Although the GDPR does not say anything specific about passwords, data controllers are required to process personal data securely by means of appropriate technical and organisational measures and passwords are a commonly-used means of protecting access to systems that process personal data. The guidance suggests that:

  • Any password setup implemented must be appropriate to the particular circumstances of the processing.
  • Data controllers should consider whether there are any better alternatives to using passwords.
  • Any password system that is deployed must protect against theft of stored passwords and “brute-force” or guessing attacks.
  • There are a number of additional considerations data controllers need to take account of when designing their password system, such as the use of an appropriate hashing algorithm to store the passwords, protecting the means by which users enter their passwords, defending against common attacks and the use of two-factor authentication.
  • Data controllers must not forget about their password system once established; they should carry out periodic reviews.

Filed Under: Uncategorised

Recent News

  • Tax Diary March/April 2021
  • Outcome of the Uber case
  • VAT Agricultural Flat Rate Scheme
  • Government to publish range of tax consultations

News Categories

  • Budget Summary
  • Business
  • Capital allowances
  • Capital Gains Tax
  • Construction Industry Scheme
  • Corporate Governance & Regulation
  • Corporation Tax
  • Duties
  • Employee Benefits
  • Employment & Payroll
  • Employment Law
  • Family Tax Credits
  • General
  • HMRC notices
  • Income Tax
  • Inheritance Tax
  • National Insurance
  • NIC & Pensions
  • Overseas personal tax issues
  • Overseas tax issues
  • Payroll
  • Pension
  • Personal
  • Practice News
  • Stamp Duty Land Tax
  • Tax credits
  • Tax Diary
  • Value Added Tax

About Us

Bespoke has a reputation for helping our clients make the most of their financial situations and in turn we have become a trusted extension of their business or family.

Bespoke assist with compliance requirements, providing specialist tax advice, and planning for now and the future.

Keep informed.
Sign up for our Topical Newsletter

Our FREE monthly newsletter will keep you up to date with the latest news related to the world of accountancy.

Register Here

Contact

Delta Place,
27 Bath Road, Cheltenham,
Gloucestershire, GL53 7TH
01242 505970
info@bespoketax.com

ICAEW Chartered AccountantsXERO Gold PartnerChartered Institute of TaxationMember of EISA

Copyright © 2021 · Bespoke Tax Accountants · Website by Culpepper & Co

.
This site uses cookies: Find out more.