Encryption
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
Encryption and data protection
- What does UK data protection law say about encryption?
- Does this mean we must encrypt personal information?
- How do we decide whether encryption is appropriate?
- How should we consider the state of the art and cost of implementation of encryption?
- What happens if we don’t encrypt personal information?
- Is encryption relevant for other parts of UK data protection law?
- Does encryption remove the risks?
- If we encrypt personal information, does this count as processing?
- Is encrypted data still personal information?
Encryption and data storage
- What are the benefits of encrypting the data we store?
- What is full disk encryption?
- How do we implement full disk encryption?
- How do we encrypt our smartphones and tablets?
- How do we encrypt removeable media?
- How do we secure USB storage ?
- How do we encrypt individual files?
- What are the residual risks with encrypted data storage?
Encryption and data transfer
How do we implement encryption?
Encryption scenarios
- Encrypted email
- Encrypted attachments
- Encryption and the cloud
- Encryption and backups
- Sending personal information on physical storage media
- Faxing
- CCTV and video surveillance
- Photography and video cameras
- Body worn video (BWV)
- Unmanned aerial systems (UAS)
- Encryption and Internet of Things (IoT) devices