United Kingdom: Information Commissioner's Office closes consultation on updated guidance on encryption as data protection measure

On 24 June 2025, the Information Commissioner’s Office (ICO) will close its public consultation on the draft updated guidance on encryption under the UK General Data Protection Regulation (UK GDPR). The guidance is aimed at data controllers, processors, and in particular data protection officers across all sectors. It explains when encryption constitutes an appropriate technical and organisational measure to safeguard personal data, noting that failure to implement it where necessary may result in regulatory action. The guidance covers various forms of encryption, including full disk, file-level, and Hypertext Transfer Protocol Secure (HTTPS) and offers practical advice on algorithm selection, management, and implementation.