What are Technical and Organizational Measures (TOM)?

According to the Article 32 of the GDPR, the processor has to implement and document appropriate technical and organizational measures to ensure a level of security appropriate to the risk entailed by the processing activity, in particular:

  • pseudonymisation and encryption of personal data;
  • ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Become GDPR compliant in minutes!

Privacyboard helps you comply with GDPR easily so you can focus on what's really important for your business.
Start for free