According to Article 33 of Regulation (EU) No 2018/1725, the controller and the processor must implement appropriate technical and organisational measures to ensure an appropriate level of security in relation to the risks represented by the processing, and the nature of the personal data to be protected.An example, provided in Article 33 of the GDPR, is the pseudonymisation and encryption of data.