Unified Metrics Library - Data security measures

Helper question

Did the company have specific security measures to protect themselves from cyber security threats and risks in place, during the period?

Summary

The organization must ensure that it has appropriate data security measures in place to protect the personal data they hold.

Unit

Boolean: Yes or No

Description

By protecting data from unauthorized or harmful use, data security measures could be of use to save energy, resources, and costs as well as enhance trust, transparency, and accountability.

Regulatory Definition

According to Article 5 of GDPR (1) Personal data shall be: (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality").

Sources

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) , Article 5 (f).

Examples

Data security measures can be single actions such as encryption and data control. However, most organizations have data management systems that are integrated into existing risk management and governance structures.

Data breaches

GDPR compliance