Security had always been central for the protection of confidentiality, integrity and availability of personal data.
With the increasing use of online and mobile applications, the advances of analytics and the Internet of Things, the need for data security is more important than ever, considering the risks of new exposed system vulnerabilities and cyber-attacks, as well the vast opportunities for data combination and end users’ tracking.
Still, security is not just about the application of one or more measures and no security measure alone can provide an adequate protection level for personal data. On the contrary, security for personal data needs to follow a thorough and continuously monitored framework of controls, both technical and organisational, appropriate to the nature of the data processing and the associated risks.
Due to ENISA’s very scope and objectives, security is its core operational objective on a number of areas, including personal data.
One dimension of our work is to support the adoption of Risk Assessment Methodologies and Security Measures in a variety of sectors and different types of data controllers and processors.
Another dimension is to study specific security measures that can contribute to the protection of personal data, such as Cryptographic Protocols and Tools, where a lot of effort has already been put.