
GDPR Security Principle

by Adam Brogden
in Blog

02-Dec-2019 10:23

Take a look at this very useful article from the ICO. This applies to every company, not just large corporations or companies using clever technology. The good news is that if you complete your policies and procedures and follow the advice in the Information Security policy, you will meet these requirements. If you want to discuss this, please call us anytime.


A key principle of the GDPR is the ‘security principle’ - processing personal data securely by means of ‘appropriate technical and organisational measures’.

Doing this requires you to consider things like:

  • risk analysis,
  • organisational policies, and
  • physical and technical measures.

You also have to take into account additional requirements about the security of your processing – and these also apply to data processors. You can consider the state of the art and costs of implementation when deciding what measures to take – but they must be appropriate both to your circumstances and the risk your processing poses. Where appropriate, you should look to use measures such as pseudonymisation and encryption. Your measures must ensure the confidentiality, integrity and availability of your systems and services and the personal data you process within them.

The measures must also enable you to restore access and availability to personal data in a timely manner in the event of a physical or technical incident. You also need to ensure that you have appropriate processes in place to test the effectiveness of your measures, and undertake any required improvements.


Good luck all.