Table 3 Exemplary measures for implementing the GDPR.

From: Development of a Web GIS for small-scale detection and analysis of COVID-19 (SARS-CoV-2) cases based on volunteered geographic information for the city of Cologne, Germany, in July/August 2020

| Requirements of the GDPR | Exemplary measures |
| --- | --- |
| Availability | a. Making backup copies of data b. Protection against external influences (malware, sabotage, force majeure, etc.) c. Redundancy of hardware, software, and infrastructure |
| Integrity | a. Restriction of write and change rights b. Protection against external influences (espionage, hacking) c. Documented assignment of authorizations and roles |
| Confidentiality | a. Encryption of stored or transferred data as well as processes for managing and protecting cryptographic information (crypto concept) b. Definition of an authorization and role concept according to the necessity principle based on an identity management by the responsible body |
| Non-Linking | a. Restriction of processing, usage, and transmission rights b. Use of purpose-specific pseudonyms, anonymization services, anonymous credentials, processing of pseudonymous or anonymized data |
| Transparency | a. Versioning b. Logging of accesses and changes |
| Intervenability | a. Operation of an interface for structured, machine-readable data for retrieval by data subjects b. Operational ability to compile, consistently correct, block, and delete all stored data about a person |
| Data minimization | a. Reduction of recorded attributes of the affected people b. Implementation of data masks that suppress data fields, automatic blocking and deletion routines, and pseudonymization and anonymization procedures |