
How Transparent Data Encryption Can Help With GDPR

By Mairead Quigley

23 Apr 2018

In our latest mini blog series surrounding GDPR, xDesign's Head of Web Development, Chris Moss, takes a look at how GDPR will affect software development and how transparent data encryption can help you adhere to the upcoming GDPR regulations.

With GDPR at all our doorsteps, everyone has (hopefully!) been busy preparing, checking and confirming that they have all of their bases covered when it comes to data privacy and protection. In the software development industry we are doing the same; however, we have a few unique challenges when it comes to meeting the demands of the new legislation. Perhaps the most obvious challenge we face is the way that we could end up building with, and handling, your clients' and/or your clients' clients' data, especially if what you are building has a publicly accessible interface. Some food for thought?

What is Transparent Data Encryption?

A great way to deal with some data concerns is with Transparent Data Encryption (TDE). TDE works on an “at-rest” principle, meaning that all data is encrypted whilst the database is not being asked to provide any of that data. Decryption only happens when the application requests data; the database then handles this directly on the server itself, using its own engine and two-key authentication: a master key and a client key. Only if these keys are accepted will the data be returned to the client requesting it.

Back to the circumstance of using clients' data, or just generally using real or live data: the best practice approach is not to use it at all, as with GDPR this just opens up too many issues. Getting around this is simple. You can utilise a system (or systems) to generate, or seed, fake data that correctly represents the columns and fields of the real live data. This will help you to create the APIs, web applications and mobile applications whilst they are going through the development process. It removes the concerns of seeing, accessing and using real data, and of having full access to private information, whilst you work on a project through its life cycle. The fake data is usually randomly generated and the values have no association to each other.
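A minimal seeder along the lines described above, added here as an illustration and not xDesign's own tooling. The `customers` table, its columns and the name lists are assumptions; each column is generated independently so no field can be linked to another.

```python
import random
import sqlite3
import string
from datetime import date, timedelta

# Hypothetical table layout standing in for a real "customers" table.
SCHEMA = """CREATE TABLE customers (
    id INTEGER PRIMARY KEY,
    full_name TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE,
    phone TEXT NOT NULL,
    date_of_birth TEXT NOT NULL
)"""

FIRST = ["Alex", "Sam", "Jo", "Morgan", "Casey", "Robin"]    # constructed
LAST = ["Reid", "Fraser", "Shaw", "Imrie", "Doyle", "Kerr"]  # constructed


def fake_row(rng, n):
    """Build one row; every column is drawn independently of the others."""
    name = f"{rng.choice(FIRST)} {rng.choice(LAST)}"
    # The email is NOT derived from the name and uses a reserved test domain.
    local = "".join(rng.choices(string.ascii_lowercase, k=8))
    email = f"{local}{n}@example.com"
    # UK range set aside for TV/drama use, so it cannot reach a real person.
    phone = f"01632 960{rng.randrange(1000):03d}"
    dob = date(1950, 1, 1) + timedelta(days=rng.randrange(365 * 50))
    return (name, email, phone, dob.isoformat())


def seed(conn, count, seed_value=2018):
    """Create the table and fill it with `count` synthetic rows."""
    rng = random.Random(seed_value)  # fixed seed: same dev data on every run
    conn.execute(SCHEMA)
    rows = [fake_row(rng, n) for n in range(count)]
    conn.executemany(
        "INSERT INTO customers (full_name, email, phone, date_of_birth) "
        "VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return rows


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    for row in seed(db, 5):
        print(row)
```

The fixed seed keeps development and test fixtures reproducible across machines without ever copying a production row.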

Privacy By Design

One of the first things that is often assumed is that there are levels of data security and that these have different types of importance attached to them. With GDPR that's an assumption that will undoubtedly lead you down a bad path. Instead of looking at “normal” personal data as some sort of scaled thing, you should, especially now, treat all data as something that requires privilege to access, ask who is accessing it and protect it. This brings the philosophy of Privacy by Design heavily into focus.

Privacy by Design isn't really a step-by-step guide or a set of rules to follow, but more of an ethos of thinking about the features you are building and how you will deliver these sections of work, then asking who would need to access this data and why. What you build for your client needs careful consideration by you and your team, so that you can deliver the best solution: one that takes best practice into account and ensures you are doing everything in your power to keep the data you will present, create and update as protected as it can be.

A first step approach is always to look at how you are handling the data at the database level. Certainly in our case, this means if you need to encrypt part of the data stored, don’t just encrypt that individual section or part of the data. Instead, take a more long-term, maintainable approach and set the encryption at the database level; this should be set up as Transparent Data Encryption. I truly believe that this is a first step approach that should not be overlooked, especially now. Don’t leave yourself or your client vulnerable.

At xDesign, we always design our mobile and web applications with a privacy-first ethos and are always looking at the most up-to-date ways to keep our clients' and their clients' data as secure as possible. Want to know more? Check out our latest blog on our top tips for building GDPR compliant apps or contact us to find out how we can help.
