"
@Roland6 ... by placing an obligation on those who retain encrypted data at rest, to retain the keys.
"
There is no such obligation under UK law. It remains a defence to the charge of failing to decrypt data that you do not have, nor could you reasonably be expected to recover, the means of decrypting the data.
Like many laws, this law is likely to catch out people who intend nothing illegal, whilst being simple to circumvent by those who do.
Biting the hand that feeds IT
