Defining Security Measures
Under the GDPR, both data controllers and data processors must implement appropriate technical and organizational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access.
To access and define security measures:
Security measures may be of the following types:
• Technical measures
Examples: data partitioning, disaster recovery, anti-virus, firewall
• Organizational measures
Examples: policies and procedures, assignment of specific roles, hardware maintenance
• Certification systems
Examples: ISO 27001, ISO 27018