Article 32 - Security of processing

Article 32 of the GDPR obliges data controllers and processors to adopt suitable technical and organisational measures that ensure a level of security appropriate to the risk. This includes actions such as pseudonymisation, encryption, ensuring confidentiality, integrity, availability and resilience of processing systems, and having the capacity to restore the availability and access to personal data promptly after an incident.