The General Data Protection Regulation (GDPR) mandates that organizations processing personal data must implement appropriate technical and organizational measures to ensure cybersecurity proportional to the risks involved. Key cybersecurity requirements include pseudonymization and encryption of personal data, ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems, and the ability to restore data access promptly after incidents. Organizations must regularly test and evaluate their security measures, manage access controls strictly, and have robust incident response plans to report breaches within 72 hours. These measures help protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data, thereby safeguarding individuals’ rights and maintaining compliance with GDPR standards.
Art. 32 is dedicated to cybersecurity and data protection.
Publication's URL: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

Publication's scorecard
Country: EU
Scope: Privacy
Typology: Regulation
Publication's date: May 4, 2016
Category: Data Protection & AI
Sector: Cross-Sector