Encryption
-
The Data (Use and Access) Act 2026 got Royal Assent on 19 June 2025. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
Encryption and data protection
- What does UK data protection law say about encryption?
- Does this mean we must encrypt personal information?
- How do we decide whether encryption is appropriate?
- How should we consider the state of the art and cost of implementation of encryption?
- What happens if we don’t encrypt personal information?
- Is encryption relevant for other parts of UK data protection law?
- Does encryption remove the risks?
- If we encrypt personal information, does this count as processing?
- Is encrypted data still personal information?
Encryption and data storage
- What are the benefits of encrypting the data we store?
- What is full disk encryption?
- How do we implement full disk encryption?
- How do we encrypt our smartphones and tablets?
- How do we encrypt removeable media?
- How do we secure USB storage ?
- How do we encrypt individual files?
- What are the residual risks with encrypted data storage?
Encryption and data transfer
How do we implement encryption?
Encryption scenarios
- Encrypted email
- Encrypted attachments
- Encryption and the cloud
- Encryption and backups
- Sending personal information on physical storage media
- Faxing
- CCTV and video surveillance
- Photography and video cameras
- Body worn video (BWV)
- Unmanned aerial systems (UAS)
- Encryption and Internet of Things (IoT) devices