The principle of integrity and confidentiality refers to the classical protection goals of IT security, namely confidentiality, integrity and availability. Resilience can be considered an aspect of availability. The main focus is to protect assets against risks caused by undesirable events. In stark contrast to IT security, these assets and risks are not those of the controller (often an organisation), but those of the data subjects. From this perspective, it is clear why data portability fits with availability in this principle: it protects data subjects from losing an asset (represented by the data) when changing controller (mostly the provider).