The DPA guidelines are new. They check my database and say I should encrypt data in the database, which is confidential information.
Do I really have to do that? The reason is that I can not see it.
I'm the only internal developer and most of the time, I've changed some data on request from the staff and if I want to encrypt it. It will be a hassle for me.