Data protection security measures according to GDPR

nurmohammadkhan · Post by **nurmohammadkhan** » Sun Jan 12, 2025 5:08 am

One of the novelties of the GDPR is that the choice of security measures to be adopted to protect data is entrusted to the owner who decides taking into account the state of the art , costs, nature of the data, context, purposes of processing and risks for the rights and freedoms of individuals that the processing may entail.

If you look closely, a similar rule was also contained in the old Privacy Code azerbaijan phone data which however also prescribed the obligation to adopt a series of measures , so-called "minimum", which were punctually described. If the owner had considered these measures insufficient , he would have had to identify others according to his own assessment. In reality, in most cases it was believed that the minimum measures were sufficient to guarantee compliance with the law and the faculty recognized to the owner remained a dead letter. All this led to the downward homologation of security measures which were not only " minimum " because the legislator had essentially identified a minimum common denominator among the many possible ones, but were also the same for all types of processing and all types of data , with a little more attention for sensitive ones .