Ultimately, we have only two areas to encrypt. The first is our network connections and the data that travels across them. The second is the actual data when it is "at rest", an industry term for encrypting data where it has permanent or near-permanent storage.
Different compliance standards request different things. Some only care about the storage, others only the "in flight", and some require both. You have to know what your requirements are if you only want to do some encryption, versus going wholesale.
It is important to remember that any encryption carries a performance cost. Some cost less than others, but it is a cost nonetheless.
My next post on this comment will be about the network options for encryption.