| GDPR requirement | Example measures |
| --- | --- |
| Availability | a. Making backup copies of data; b. Protection against external influences (malware, sabotage, force majeure, etc.); c. Redundancy of hardware, software, and infrastructure |
| Integrity | a. Restriction of write and change rights; b. Protection against external influences (espionage, hacking); c. Documented assignment of authorizations and roles |
| Confidentiality | a. Encryption of stored or transmitted data, together with processes for managing and protecting cryptographic material (crypto concept); b. Definition of an authorization and role concept according to the need-to-know principle, based on identity management run by the controller |
| Unlinkability | a. Restriction of processing, usage, and transmission rights; b. Use of purpose-specific pseudonyms, anonymization services and anonymous credentials; processing of pseudonymized or anonymized data |
| Transparency | a. Versioning; b. Logging of accesses and changes |
| Intervenability | a. Operation of an interface that returns structured, machine-readable data for retrieval by data subjects; b. Operational ability to compile, consistently correct, block, and delete all stored data about a person |
| Data minimization | a. Reduction of the attributes recorded about data subjects; b. Implementation of data masks that suppress data fields, automatic blocking and deletion routines, and pseudonymization and anonymization procedures |