The ICO guidance on encryption sits alongside the Guide to the GDPR and helps understanding the importance of encryption
It includes several recommendations for organisations, outlining the concept of encryption in the context of the GDPR’s integrity and confidentiality principle, and particularly Article 32 on security processing and provides a summary of current forms of encryption and the considerations one should have when putting it in place, along with outlining residual risks. Furthermore, it provides a number of scenarios where personal data is processed, outlining how encryption can be used to safeguard such data in respect of each scenario, and detailing some of the risks that remain.
Click here for ICO’s guidance on encryption.