Technical and Organisational Measures

< Back
You are here:

Data protection regulation refers numerous times to ‘technical and organisational measures’.  These relate to the measures which an organisation is taking to protect personal data and in all cases should take into account; state of the art, cost of implementation and the scope, nature and purposes of the processing.  In other words, an organisation should assess their risks and put appropriate measures in place based upon what is available and what is practical.  Although not exhaustive, this article provides an overview of the types of measures which might be put in place.

Technical Measures

Technical measures refer to any additional protection which can be placed around personal data through a technical solution, these may include:

  • Firewalls to protect the organisations network
  • Technical security such as string user access protocols
  • Encryption of data whilst it is in transit (SSL websites etc)
  • Encryption of data whilst it is at rest (Laptop encryption etc)
  • Penetration testing, to identify vulnerabilities of networks
  • Implementation of standards such as Cyber Essentials or ISO27001

Organisational Measures

Organisational measures refer to any additional protection which can be placed around personal data through an operational solution, these may include:

  • Clearly define policy, understood by all colleagues
  • Physical security of the organisations building
  • Minimisation of data collection as part of business process
  • Anonymisation or pseudonymisation of personal data
  • Regular staff awareness training
  • Data retention schedules
  • Procedure to ensure data subject’s rights are implemented
Mark Roebuck

Mark Roebuck

Building a career around data led programme management Mark recognised that existing data compliance solutions were complex and difficult for clients to use. Frustrated with the options he founded ProvePrivacy to provide an effective and simple to use data protection compliance solution.

Copyright:  All information and articles provided represent the views of ProvePrivacy Limited and our contributors.  They do not constitute legal or data protection advice. All rights reserved.

You Might Also Like