These days, it is safe to say that the most frequently asked questions are all about GDPR. What does it mean? How does it affect us as an organisation? And what do we need to do to become compliant?

In this post, I address one main question about the encryption of documents stored in HighQ: How can I be sure my data is safe in the cloud?

Of course, we have our security measures that allow us to protect and encrypt our data at rest, but a few years ago, HighQ introduced Encryption Key Management (EKM). EKM provides control over where the document encryption keys are stored—a capability that is becoming more and more important because of GDPR. And with EKM, you can store the encryption key for documents on premises!

The reason why data encryption is so important in the context of GDPR is that if a data breach occurs and the encryption keys are stored on premises, it will isolate the data breach to only your organisation. Your clients and external users working in HighQ will not be affected, because there is proof that the encryption keys are still under your control.

With EKM, you can provide satisfying answers to questions from your company and clients who demand and deserve the best data security possible. EKM allows you to remove any lingering concerns about hosted or cloud-offered services.

If needed, you can install EKM in different jurisdictions, and you can choose which Key manager should be used for each specific HighQ site. You can save this setting in a site template, then when new sites are created, it will default back to the applicable Key manager.

  • Keys are generated with AES 256-bit encryption.
  • The key manager can be changed at any time, and keys are migrated accordingly.
  • Each site in HighQ has its own unique encryption key, and the files in that site are encrypted using that specific key.
  • The key manager is only responsible for the creation and storage of keys.

In summary, EKM provides new answers to GDPR-related security questions about how personal data is secured in HighQ.

For those who are already HighQ customers, I encourage you to reach out to your Customer Success Manager (CSM). They can help you scope a project to determine how best to fit EKM into your existing infrastructure.

If you are not already a customer, but would like to learn more about EKM or HighQ for GDPR Oversight, you can contact us anytime.

Sebastiaan is responsible for all client success and solutions teams in EMEA. Sebastiaan has a wealth of experience, having worked with many of the leading law firms in Europe for the last 12 years in delivering new technology solutions that can be used internally as a new business or client facing.