For more information about Cardwave and our services please call us on
+(44) 1380 738395
or email us at


6c Hopton Industrial Estate
SN10 2EU


Cardwave blog: sharing industry and market news, product reviews and launches, opinions, case studies/testimonials, and posts on our community interest and support.

< Back to Blog

The requirements for encryption under the GDPR

23rd November 2018

It’s been just over six months since the GDPR came into force with some organisations still not being compliant and others still not understanding key aspects of the regulation or the relevance to their business.

There’s no denying that the new legislation is complex, there’s a lot to get to grips with, but there are some quick wins to be had. If you haven’t yet taken steps to ensure valuable data is fully protected from unauthorised access when working remotely or on the move, read on.

Data encryption and pseudonymisation are the only two technology measures specifically mentioned in the technology-agnostic regulation. Article 32 of the GDPR highlights “the pseudonymisation and encryption of personal data” as one of the “appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.

What does this mean, what is mandatory and what can you do?

Pseudonymisation is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms.

GDPR encourages “pseudonymisation” of personal data and it is mentioned 15 times in the regulation. The concept of personally identifying information lies at the core of the GDPR. Any “personal data”, which is defined as “information relating to an identified or identifiable natural person ‘data subject’”, falls within the scope of the Regulation.

Encryption is the process of converting information or data into a code, especially to prevent unauthorised access and is a way of safeguarding against unauthorised access to data.

There are various encryption options available for your various requirements, however always ensure that you are using hardware encryption rather than software encryption, especially for portable devices.

A simple, yet effective way to safeguard data on the move, and be GDPR compliant, is to use a hardware encrypted USB. Cardwave offers an award-winning (Computing Security ‘New Product of the Year’ 2018), AES 256-bit XTS hardware encrypted USB, named SafeToGo® Solo.

With a hardware encrypted USB drive such as SafeToGo® Solo, all the information relating to the encryption and decryption of data, along with access control counters, are implemented in a crypto module (sealed in resin) located inside the USB itself (not in a PC).

This clever crypto module will shut down the USB and keep any data stored on the drive safe in the event of unauthorised access attempts. Unlike a software-based solution, hackers cannot run analysis utilities on the USB to locate and reset the control counters.

By shutting down the USB, a parallel attack, where data is copied and shared to multiple devices to increase the chances of unlocking the data, is also prevented.


Although pseudonymisation and encryption can be effective methods of safeguarding your data for different reasons, these measures alone won’t fully protect your organisation. Effective and robust cyber security requires an ISMS (Information Security Management System) built on three pillars: people, processes and technology. This three-pronged approach will help your organisation defend itself from both highly organised attacks and common internal threats, such as accidental breaches and human error.

To find out more about SafeToGo® Solo see

See our other articles on encryption here:


Sources: IT Governance, Wikipedia, Cardwave

, , , , , , , , ,

Raspberry Pi

Cardwave are delighted to be recognised by the Raspberry Pi Foundation for being a valued partner and supplier. We have enjoyed a close business relationship with the foundation since the massively successful launch of the Raspberry Pi in early 2012. Cardwave works with memory distributor, Xel Electronics, who supply Samsung SD cards to Premier Farnell and RS Components, two of the companies authorised by the charity to supply the Raspberry Pi. We are pleased to work with the foundation again on this superb SD card offering. Visit website

"Partnering on another great offering from Raspberry Pi"

>Read more