Hoping for some good advice here.
I have recently launched my first web app, which includes a messaging system between two different user roles: professional and client.
Currently the messages in the database are not encrypted. However, I recently had a conversation with a friend who suggested that maybe I should consider it, with new rules like GDPR coming in. Not that I can find much information at all on GDPR at this point.
I have found a good post below that I would use to encrypt the data if starting from scratch but don't really like the idea of creating some kind of migration to loop through all the current unencrypted messages, encrypting them and then re-saving.
https://laracasts.com/discuss/channels/laravel/encrypting-model-data
The content of the messages isn't likely to be very personal at all; however, it did occur to me that a professional may give their account number and sort code if asking for a deposit for a job. Not a requirement at all, but possible. Not hugely sensitive either.
I do have it in the terms of use to not submit anything that they consider to be confidential to the site, which I have been assured does cover me in the event that anything happened. However, I am wondering what others might do, what the standard is, and if there is anything else I should know. Is there anything that suggests it is mandatory? The site uses SSL.
Thanks in advance.
Ralph
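The migration the question describes (walk every existing unencrypted message, encrypt it, save it back) is where most of the risk sits: run it twice and you double-encrypt, run it half-way and you cannot tell which rows are done. Below is an added example of such a migration with an idempotence flag; it is not code from the Laracasts thread or from Ralph's app. It assumes a `messages` table with a `body` text column, a new `is_encrypted` boolean column introduced by this migration, and a Message model that already encrypts on write and decrypts on read with `Crypt::encryptString` / `Crypt::decryptString` (the accessor/mutator pattern from the linked post). The file name and class name are also assumptions.

```php
<?php
// Added example, not code from the Laracasts thread or from the
// questioner's app. Assumed: a `messages` table with a `body` text
// column, and a Message model whose accessor/mutator already use
// Crypt::encryptString / Crypt::decryptString on `body`.
//
// database/migrations/2018_01_01_000000_encrypt_existing_messages.php

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;

class EncryptExistingMessages extends Migration
{
    public function up()
    {
        // The flag makes the migration idempotent: rerunning it after a
        // partial failure never encrypts a body that is already ciphertext.
        Schema::table('messages', function (Blueprint $table) {
            $table->boolean('is_encrypted')->default(false);
        });

        // Use the query builder rather than the Eloquent model so the
        // model's mutator does not run and encrypt the body a second time.
        // chunkById() pages on `id > last_id`, so updating the very column
        // we filter on (is_encrypted) cannot make it skip rows the way a
        // plain offset-based chunk() would.
        DB::table('messages')
            ->where('is_encrypted', false)
            ->orderBy('id')
            ->chunkById(500, function ($rows) {
                foreach ($rows as $row) {
                    DB::table('messages')
                        ->where('id', $row->id)
                        ->update([
                            'body' => $row->body === null
                                ? null
                                : Crypt::encryptString($row->body),
                            'is_encrypted' => true,
                        ]);
                }
            });
    }

    public function down()
    {
        DB::table('messages')
            ->where('is_encrypted', true)
            ->orderBy('id')
            ->chunkById(500, function ($rows) {
                foreach ($rows as $row) {
                    try {
                        $plain = $row->body === null
                            ? null
                            : Crypt::decryptString($row->body);
                    } catch (DecryptException $e) {
                        // A body that will not decrypt (for example after an
                        // APP_KEY change) is left untouched rather than destroyed.
                        continue;
                    }
                    DB::table('messages')
                        ->where('id', $row->id)
                        ->update(['body' => $plain, 'is_encrypted' => false]);
                }
            });

        Schema::table('messages', function (Blueprint $table) {
            $table->dropColumn('is_encrypted');
        });
    }
}
```

Two caveats worth keeping in mind with this approach. `Crypt` derives its key from `APP_KEY`, so every stored message becomes unreadable if that key is lost or rotated without re-encrypting, and the key lives on the same server as the application, so encryption at rest limits exposure from database dumps and backups but not from a compromise of the app server itself. SSL/TLS, which the site already uses, protects messages in transit only and is a separate layer from either of those.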