Confidentiality and security
The processing of personal data must be confidential and secure. The controller is required to assess the potential risks, the level of the organisation's data protection and data security guidelines, and the technical security of personal data. The adequacy of safeguards must be weighed against the circumstances and risks.
The purpose of safeguards is to ensure the confidentiality, integrity and availability of systems, services and data. Personal data must be protected against unauthorised and unlawful processing, and from accidental loss, destruction or damage. Personal data breaches can cause significant risks to data subjects, such as falling victim to identity theft or fraud. It must also be possible to restore the personal data in the event of a physical or technical accident. Personal data must be protected during all processing operations and for the entire lifespan of processing.
The controller must regularly test the functionality of safeguards and make the required improvements.