Relax, the standards bods at European Telecommunications Standards Institute (ETSI) have you covered.
Covered, that is, if you implement its latest encryption standards.
ETSI's Technical Committee on Cybersecurity announced it has released two Attribute-Based Encryption standards designed to help organisations apply access controls to the personal data that European companies have to protect to comply with GDPR.
The aim is to make sure that personal data can only be decrypted if the attributes on a user's key match the encryption attributes.
ETSI reckons attribute-based encryption makes it easier to protect data with “secure by default” access control – access isn't bound to user name and password, for example, but rather to pseudonymous or anonymous attributes.
Standardisation also makes interoperability easier, the standards body says.