Skip to main content

Table 3 Exemplary measures for implementing the GDPR.

From: Development of a Web GIS for small-scale detection and analysis of COVID-19 (SARS-CoV-2) cases based on volunteered geographic information for the city of Cologne, Germany, in July/August 2020

Requirements of the GDPR Exemplary measures
Availability a. Making backup copies of data
b. Protection against external influences (malware, sabotage, force majeure, etc.)
c. Redundancy of hardware, software, and infrastructure
Integrity a. Restriction of write and change rights
b. Protection against external influences (espionage, hacking)
c. Documented assignment of authorizations and roles
Confidentiality a. Encryption of stored or transferred data as well as processes for managing and protecting cryptographic information (crypto concept)
b. Definition of an authorization and role concept according to the necessity principle based on an identity management by the responsible body
Non-Linking a. Restriction of processing, usage, and transmission rights
b. Use of purpose-specific pseudonyms, anonymization services, anonymous credentials, processing of pseudonymous or anonymized data
Transparency a. Versioning
b. Logging of accesses and changes
Intervenability a. Operation of an interface for structured, machine-readable data for retrieval by data subjects
b. Operational possibility to compile, consistent correction, blocking and deletion of all stored data about a person
Data minimization a. Reduction of recorded attributes of the affected people
b. Implementation of data masks that suppress data fields, automatic blocking and deletion routines, and pseudonymization and anonymization procedures