What are Technical and Organizational Measures (TOM)?

According to the Article 32 of the GDPR, the processor has to implement and document appropriate technical and organizational measures to ensure a level of security appropriate to the risk entailed by the processing activity, in particular:

pseudonymisation and encryption of personal data;
ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Compliance

Can I transfer data outside the European Union?

Location where data is stored is a paramount criteria for controllers. If servers hosting data are located in the European Union or in an adequate country, data transfers can be operated without additional safeguards as these countries’ legislations are protective enough of personal data and individuals’ rights.

Definition

What are Technical and Organizational Measures (TOM)?

Definition

What's a processing activity purpose?

The purposes are the principal objectives for which personal data are collected. These objectives should be clearly identified and personal data should never be processed in a way that is inconsistent with them.

What are Technical and Organizational Measures (TOM)?

Can I transfer data outside the European Union?

What are Technical and Organizational Measures (TOM)?

What's a processing activity purpose?

Become GDPR compliant in minutes!

Product

Ressources

Legal