What are Technical and Organizational Measures (TOM)?

According to the Article 32 of the GDPR, the processor has to implement and document appropriate technical and organizational measures to ensure a level of security appropriate to the risk entailed by the processing activity, in particular:

  • pseudonymisation and encryption of personal data;
  • ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
Definition

What's a data breach notification

A personal data breach is a breach of security resulting in the destruction, loss, alteration or unauthorized disclosure of personal data.According to Article 33 of the GDPR, as a processor, you must notify controllers of any personal data breach as soon as possible after becoming aware of it and offer your assistance to assess the impacts on data subjects’ lives.
Definition

What's the legal basis for a processing activity?

To process personal data a valid lawful basis is necessary. There are six available lawful bases for processing:Consent: The data subject has given clear and affirmative consent to the processing of their personal data for a specific purpose.Contract: The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
Compliance

Do I need a Data Processing Agreement?

It depends on your business and what kind of data you are collecting and processing. In general, if you are collecting and processing personal data from individuals in the European Union (EU), you may need a data processing

Become GDPR compliant in minutes!

Privacyboard helps you comply with GDPR easily so you can focus on what's really important for your business.
Start for free
Privacyboard

Product

PricingAbout

Ressources

BlogSubprocessorsKnowledge CenterGlossarySupervisory AuthoritiesEmail Templates

Legal

Privacy PolicyCookie PolicySubprocessorsRight RequestsTerms
Made in  🇪🇺  with  ☕️