Use
VeraCrypt to either create an encrypted container (an encrypted file on disk which must be decrypted to view the contents, useful to encrypt only a few specific files) or better yet you can encrypt an entire disk which will always be encrypted until a password is put in. You can also setup a two layer password trap in case you are forced by law enforcement in your country to give up the password. You give them a fake password which will make it look like they've successfully decrypted the drive but there is another encryption layer in which you store the real contents that you want to hide. However by far the most superior in my opinion is the ability to encrypt the system drive. With this setup everytime you boot your computer before the operating system even starts you're prompted for a decryption key (your set password). Without this nobody can ever even boot the computer unless they have the key. This is perhaps the highest level of security achieveable.
Personally I think anyone who is seriously into this shit should acknowledge how fucked they'd be if all the data on their computer would be accessed by the law enforcement. Seriously people set this up it's not very hard, it's unbeatable and it gives you chills of your soul. I'm actually glad someone brought it up in a thread like this almost felt like we all just hope that the day it all fucks up never comes...
And I should note that VeraCrypt is completely open-source (meaning the code of the software can be viewed and verified) as well as completely for free and it runs on any major operating system (Windows, Linux, macOS) so you can decrypt or encrypt your files/disks from basically any computer you can think of.
WARNINGS :
The encryption for the entire operating system is only applied when the computer is shut off meaning if you put your computer into sleep mode it is NOT encrypted. To encrypt it you must always power it off. In case the power is cut off on a PC or when the battery on a laptop runs out the computer is encrypted in that case since it's technically been rebooted. And remember that this only encrypts the system drive (the disk from which the operating system runs). If you have multiple storage devices you use with your computer you have to encrypt each separately. It is possible to setup automatic decryption for any drive on boot but it's pretty technically complex for an amateur. But with this you can get the perfect setup say you have a system drive for the operating system and then another drive where you store your files. With this setup when you boot the computer you'll be prompted for the password of the system drive. You enter it and when the operating system boots the other drive with your files would automatically be decrypted (which will happen only if you successfully entered the password to boot in the first place) and completely usable like any ordinary drive. This is the most comfortable, scalable and optimal way you can set up security for your computer.
If you make sure to turn the computer off every time you're not using it and anyone no matter who it is or what tech they have to do so will never be able to access the computer. I guarantee that with absolute certainty.
This goes without saying but the password that you setup MUST be long, complex and very variable as much as possible. If you setup a simple password then technically one could bruteforce the encryption and get in. However if you setup password let's say for example 10 characters and you use letters, numbers and at random places a special character like "#, $, *" nobody can ever break this type of encryption with a bruteforce attack.
Another obvious one you can never forget the password. If you do you'll never access the data on that drive again.
Good luck on this journey to freedom of knowing your data is safe from anyone.
