Did anybody look into Microsoft BitLocker on a USB drive and if the encryption level of BitLocker would be sufficiently secure for GDPR?
In our stores we deal with personal data and ship it between the stores and the office; an encrypted USB drive would be ideal for this purpose.
Arthur Vermeer.
BitLocker is backed by multiple FIPS (CMVP and CAVP) validations. Windows 10 was Common Criteria validated as well, using the CAVP validations to back up its AES, XTS, RSA, and SHS implementations.
I'm not a fancy, big-city GDPR expert, but having been a CC/FIPS evaluator, it seems to me that if the cryptographic implementations are good enough for use by the US and allied national governments then they are probably good enough for GDPR.
Dear Arthur,
since there is no whitelist of products, there are two things that could very likely be checked during a customer or government audit or if you need to present your crypto management during contract negotiation:
In terms of algorithms, there's nothing wrong with BitLocker.
Key Management is completely up to you but might screw up the best encryption if not carried out properly.
Kind regards
Oliver