Privacy – Does the privacy officer have the right to decide if data in the database needs to be encrypted?

The DPA guidelines are new. They check my database and say I should encrypt data in the database, which is confidential information.

Do I really have to do that? The reason is that I can not see it.

I'm the only internal developer and most of the time, I've changed some data on request from the staff and if I want to encrypt it. It will be a hassle for me.