Data Encryption

Definition

Converting data into code that can only be read with the correct key, protecting information during transmission and storage.

What is Data Encryption?

Data encryption converts readable information (plaintext) into unreadable ciphertext that can only be turned back into plaintext with the correct key. It protects data both in transit (as it travels across the internet) and at rest (stored on servers or disks).

Without the key, intercepted or stolen data is unreadable to an attacker.

Why Data Encryption Matters

Protect Sensitive Data

Customer details, payment information, passwords – all must be protected from interception.

Legal Requirements

GDPR and other regulations require appropriate security measures, including encryption where relevant.

Trust Building

Visible security (HTTPS padlock) builds customer confidence to share personal information.

Breach Mitigation

Encrypted data is of little use to attackers who reach your systems but not the keys, which is why keys must be stored and managed separately from the data they protect.

Types of Encryption

Encryption in Transit

Protects data as it travels between user and server. HTTPS, which runs the web over TLS, provides this.

Encryption at Rest

Protects data stored in databases and files. Even if the storage itself is compromised, the data remains unreadable without the key.

End-to-End Encryption

Data encrypted on sender's device, decrypted only on recipient's device. No intermediary can read it.

Encryption for Websites

HTTPS (Essential)

HTTPS uses TLS to encrypt all traffic between visitors and your site; the SSL/TLS certificate proves to the browser that it is talking to your site and not an impostor. Non-negotiable for any website.

Database Encryption

Sensitive fields (payment details, personal data) should be encrypted in your database. Passwords are the exception: they should be hashed rather than encrypted, as described below.

Password Hashing

Passwords should never be stored in plain text. A proper password hashing function (bcrypt, Argon2) stores a salted, deliberately slow-to-compute hash instead of the password itself, so a stolen database does not reveal users' passwords and the same password does not produce the same stored value twice.

Backup Encryption

Backups contain all your data. Encrypt them to prevent exposure if backup storage is compromised.

What Should Be Encrypted

Always Encrypt

  • User passwords
  • Payment card details
  • Personal identification information
  • Health information
  • Financial data
  • All data in transit (HTTPS)

Strongly Recommended

  • Email addresses
  • Physical addresses
  • Phone numbers
  • Any data classified as personal under GDPR

Encryption Standards

Current Best Practices

  • TLS 1.3 for data in transit
  • AES-256 for data at rest
  • bcrypt or Argon2 for password hashing
  • RSA 2048+ for key exchange

Avoid Deprecated Standards

  • SSL 2.0/3.0
  • TLS 1.0/1.1
  • MD5 for passwords
  • DES encryption
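The difference between a proper password hash and the deprecated MD5 approach, shown as an added example that is not part of this glossary. It assumes Python's standard library only: scrypt from hashlib stands in for bcrypt/Argon2 (which need third-party packages), the record format "scrypt$salt$hash" is a constructed convention, and the cost parameters are chosen here for illustration.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

# Cost parameters (assumption: illustrative values, tune for your hardware).
# Memory use is roughly 128 * N * r bytes, here about 16 MiB.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_LEN = 16
KEY_LEN = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'scrypt$<salt hex>$<hash hex>' (constructed format)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt for every password
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False  # unknown or malformed record, never accept it
    candidate = hash_password(password, bytes.fromhex(parts[1]))
    return hmac.compare_digest(candidate, record)


def md5_unsalted(password: str) -> str:
    """The deprecated approach: fast, unsalted and deterministic."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def same_password_collides(scheme: Callable[[str], str], password: str) -> bool:
    """True if two users choosing the same password get identical stored values.

    With an unsalted hash this is always true, which lets an attacker crack
    every matching account at once from a precomputed table.
    """
    return scheme(password) == scheme(password)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print("stored:", record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("scrypt collides:", same_password_collides(hash_password, "hunter2"))
    print("md5 collides:", same_password_collides(md5_unsalted, "hunter2"))
```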

Practical Implementation

For Most Websites

  1. Enable HTTPS with a valid, current SSL/TLS certificate
  2. Use a reputable CMS that handles password hashing
  3. Choose hosting that encrypts data at rest
  4. Encrypt backups before offsite storage

For E-commerce

Use established payment processors (Stripe, PayPal) that handle card encryption – don't store card details yourself.
