On 13 May 2025, the United Kingdom Information Commissioner's Office (ICO) opened a public consultation on its draft updated guidance on encryption, open until 24 June 2025. The consultation seeks feedback on the ICO’s revised approach to encryption as a technical safeguard under the UK General Data Protection Regulation (UK GDPR).The guidance is aimed at data controllers, processors, and in particular data protection officers across all sectors. It explains when encryption constitutes an appropriate technical and organisational measure to safeguard personal data, noting that failure to implement it where necessary may result in regulatory action. The guidance covers various forms of encryption, including full disk, file-level, and Hypertext Transfer Protocol Secure (HTTPS) and offers practical advice on algorithm selection, management, and implementation.
Original source