Technical and Organisational Measures

August 18th, 2022 | Posted by Claude-Etienne Armingaud in

GDPR requires a risk-based approach to data protection, whereby organizations take into account the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, and institute policies, controls and certain technologies to mitigate those risks. These “appropriate technical and organisational measures” might help meet the obligation to keep personal data secure, including technical safeguards against accidents and negligence or deliberate and malevolent actions, or involve the implementation of data protection policies. These measures should be demonstrable on demand to data protection authorities and reviewed regularly.

Acronym: TOMs

You can follow any responses to this entry through the RSS 2.0 Both comments and pings are currently closed.