Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.185 Encrypt sensitive information

This document contains the details of the security requirements related to the definition and management of data access in the organization. This requirement establishes the importance of protecting sensitive data using safe cryptographic mechanisms in order to avoid information leakages.


All stored sensitive information must be encrypted.


Systems usually store personal data, credentials and other types of sensitive information. All of these must be encrypted before being stored using safe cryptographic mechanisms. Doing so prevents unauthorized actors that may have accessed the storage system from obtaining the information.


  1. GDPR. Recital 45: Protecting sensitive personal data. Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms.

  2. GDPR. Art. 32: Security of processing.(1)(a). The controller and the processor shall implement appropriate technical and organizational measures to ensure an appropriate level of security, including the pseudonymisation and encryption of personal data.

Service status - Terms of Use