The opinion of the expert

    xCoreDisk by OxySec is a hardware encryption device that fully complies with the security levels required by the European Regulation 679/2016 (GDPR).

    Allows the creation of encrypted logical volumes for the storage of files and data absolutely protected.

    Article 32 of the GDPR expressly includes in the first paragraph of the letter A the encryption of data as one of the "appropriate technical and organizational measures" for the protection of personal data.

    The encryption of data, as a form of protection, also makes it possible to avoid, in whole or in part, the obligations to report breaches (so-called breach) to the guaranteeing authority (Art. 33) and / or to the interested parties (Art. 34) .

    In fact, the complaint to the data breach guaranteeing authority can be considered not mandatory when "the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons", as is the case with encrypted data and therefore illegible from anyone.

    Art. 34 expressly excludes the obligation to report to the interested parties (for example the customers, with obvious embarrassment for the data controller and commercial discredit) when "the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption".

    As a lawyer and advisor to GDPR compliance for companies, I can only approve and recommend using a "strong" encryption tool such as the xCoreDisk device.

Bergamo, May 11, 2018

    Giulio Marchesi

Chosen among the three finalists of the "Professional Digital 2017/18" Award of the Observatories of the Milan Polytechnic, category Lawyers.