Glossary Page

Article 32

Article 32 requires that data controllers and data processors secure consumer data using the “appropriate technical and organizational measures.”

Recommended security practices include:

  • Encrypting and anonymising personal data
  • Keeping processing systems and services confidential and available
  • Taking steps to maintain system resiliency and integrity
  • If an incident occurs, ensuring personal data access can be restored as soon as possible
  • Implementing a process for security evaluation

In short, businesses under the GDPR are expected to ensure security for any personal data they process and Article 32 outlines specific guidelines for what's required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.