We have GDPR and I have been asked to encrypt staff laptops. We are using windows 7 enterprise. The idea is if the laptop is lost or stolen, the person who gets the laptop must not be able to recover the data from the laptop Hard disk.
The laptops that we have does not have TPM module. We have found a way of setting up bit locker and here during the setup process, the encrypted key corresponding to the laptop is copied to a USB stick and whenever the laptop is booted the USB stick must be inserted into the laptop to authenticate and boot into windows.
This method will not be suitable for uses, they can lose the USB stick, it will be difficult for them to carry this with the laptop and if they keep the USB in the laptop bag and if the laptop bag is lost, the data can fall into wrong hands.
Please let me know if there is any other way around or any software that can encrypt the staff laptops.
Any help will be great