United Kingdom: Information Commissioner's Office opened consultation on updated guidance on encryption as data protection measure

Description

Information Commissioner's Office opened consultation on updated guidance on encryption as data protection measure

On 13 May 2025, the United Kingdom Information Commissioner's Office (ICO) opened a public consultation on its draft updated guidance on encryption, open until 24 June 2025. The consultation seeks feedback on the ICO’s revised approach to encryption as a technical safeguard under the UK General Data Protection Regulation (UK GDPR).The guidance is aimed at data controllers, processors, and in particular data protection officers across all sectors. It explains when encryption constitutes an appropriate technical and organisational measure to safeguard personal data, noting that failure to implement it where necessary may result in regulatory action. The guidance covers various forms of encryption, including full disk, file-level, and Hypertext Transfer Protocol Secure (HTTPS) and offers practical advice on algorithm selection, management, and implementation.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2025-05-13
in consultation

On 13 May 2025, the United Kingdom Information Commissioner's Office (ICO) opened a public consulta…

2025-06-24
processing consultation

On 24 June 2025, the Information Commissioner’s Office (ICO) will close its public consultation on …