The UK data protection authority has issued two new documents, looking at how companies should adjust their practices related to encryption and passwords.

Context: in the run-up to GDPR, and even more so following its approval, data protection authorities have published extensive guidelines helping businesses to comply with the new European regulation. The ICO has been among the most active and thorough regulators in doing so.

What’s new? With this week’s publication, the ICO expands on aspects of data security such as passwords and encryption.

In detail: The ICO encourages businesses to use encryption in storing data and when transmitting it over untrusted networks. It states that solutions are generally available at low costs, and recommends businesses to have a policy in place and to educate staff on the use of encryption. Guidelines on passwords suggest defenses to put in place, such as limiting the amount of login attempts or whitelisting IP addresses.