
How Can Using Encryption Help My Business in England Avoid a Fine From the ICO?


As a business owner, you will likely be aware of the General Data Protection Regulation (GDPR) and that the Information Commissioner’s Office (ICO) can impose large fines for any breaches. One of the main principles of the GDPR is to secure and safeguard personal data from theft, misuse and unauthorised access. Accordingly, an increasing number of business owners are turning to encryption technology to do so. This article explores the security advantages of encryption and how your business can protect valuable and sensitive data through an encryption system.

What is Encryption?

Encryption is a mathematical system that encodes information so only authorised personnel with a decryption key can access it.

There are two main types of readily-available encryption today:

  1. symmetric encryption: this uses the same key to encrypt and decrypt data; and
  2. asymmetric encryption: this uses different keys to encrypt and decrypt data.

Both are secure methods of scrambling data so unauthorised users will see jumbled code rather than the actual wording. Encryption is widely considered to be more secure than a password system.

What Are Encryption Keys?

Encryption keys are pieces of code that ‘lock’ and ‘unlock’ encrypted data. In essence, they are lengthy, randomly selected passcodes that the system uses to translate the scrambled data back into its original form. They are similar to the lock on a safe. The lock itself will not work without the correct combination because the relevant levers will fail to intersect and create inner contact. Most encryption programs will give you a choice as to how long you wish the encryption key to be.

The ICO recommends that you pick a key long enough to protect the data over its whole life, not just at the time it is created. For example, if you create a document that you believe may be in use for ten years, you should pick a longer encryption key length so that it remains secure for at least a decade.


Importance of Encryption Software Choice

It is essential to pick a robust and trusted piece of software. There are currently two major sets of encryption standards that you should aim to meet: FIPS 140-2 and FIPS 197. You should only use software that meets the minimum requirements of these encryption standards. Encryption methods and software can be slightly complex, so it is worth consulting the National Cyber Security Centre (NCSC).

Losing the Encryption Key

Unfortunately, losing the encryption key is one of the potential risks of using encryption. The more secure you make a piece of information, the less likely it is that you will be able to brute force your way back in if you lose the key. After all, the point of encryption is that, absent the key, no one can access that data.

The media brought the perils of losing encryption keys into the public eye through the story of James Howells, who threw away a hard drive containing encryption keys for bitcoin. Years later, Mr Howells calculated that the encryption keys would allow him to access £150m in bitcoin. Nevertheless, without the original hard drive, he could not access it and recover the money. Accordingly, it is vital to store encryption keys securely, as the consequences of their loss can be substantial.

GDPR on Data Encryption

The UK GDPR requires businesses in England to safeguard their personal data, defined as any information that could identify an individual (whether a customer, staff member or third party).

Therefore, the ICO encourages encrypting personal data, as it makes the information more secure from cybercriminals. However, as with house locks, which remain susceptible to a locksmith and their tools, encryption methods are not infallible. Thus, it is worth keeping other safeguards in place. This includes, for example, password-protecting both USB sticks and relevant email attachments.

Key Takeaways

The ICO confirms that using encryption algorithms effectively protects against the unauthorised use of personal data. Accordingly, it will give credit to any business that uses encrypted content sensibly. For peace of mind, some business owners obtain specialist advice from data protection lawyers before implementing encryption solutions.

If you need help utilising encryption to comply with the GDPR, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents.  Call us today on 0808 196 8584 or visit our membership page.  

Frequently Asked Questions

Why is encryption considered to be safer than regular password use?

The main reason is that cyber criminals and unauthorised users can attempt to ‘crack’ a password by brute force, trying multiple passwords until one works. In contrast, encryption is viewed as an appropriate safeguard because secure encryption keys are near impossible to crack.

What other security measures does encryption assist?

Alongside the storage of sensitive information, encryption can also help online safety by assisting international data transfers. For example, some software (including WhatsApp) has end-to-end encryption. End-to-end encryption means that only the sender and receiver have the appropriate encryption keys, so a message intercepted by anyone else will read as random symbols.

Thomas Sutherland
