What concerns me most about this problem is the potential impact on the resolution when encryption at rest is applied. Let’s not duck our heads on this, anyone who deals with European personal data must have encryption at rest applied.
Hence, there was a very good possibility that the immediate resolution wasn’t available if EAR was applied and, if it wasn’t, any data accessible over the Internet contravenes the GDPR.
I still can’t believe EAR isn’t discussed more. There are some horrendous problems applying EAR when container fields storing external data are concerned, resulting in a decision whether to accept FileMaker’s (the software not the company) log result and alert that the files are not fit for use, or to abandon all hope of successfully enabling EAR.
For something so important to current data privacy, this subject remains almost invisible within discussions.