Safe harbour (encryption)
Definition
A provision in many breach notification frameworks that exempts organisations from individual notification obligations if the breached data was encrypted and the decryption key was not also compromised. GDPR Recital 83 and Article 34(3)(a) codify this; many US state laws include equivalent provisions.
Related terms
- Covered Entity / Business Associate: Terms used in the US HIPAA framework. Covered entities are healthcare providers, health plans, and healthcare clearinghouses. Business Associates are contractors that...
- Data fiduciary: The term used in India's Digital Personal Data Protection Act 2023 for an entity that determines the purpose and means of processing...
- Notification trigger: The threshold condition that activates a legal notification obligation. Under GDPR the trigger is any personal data breach that poses a risk...
- Personal data breach: Under GDPR, a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal...
- Supervisory authority: The national data protection regulator responsible for enforcing GDPR in a given EU member state, such as the UK Information Commissioner's Office...
Explained in
- Breach Notification Laws and Obligations