According to the GDPR, personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’). (See the “Integrity and confidentiality” subsection in the “Main Principles” section of the General Part of these Guidelines).

This principle involves three main issues: integrity, confidentiality and availability. Availability and integrity are somehow linked, since only data that are adequately preserved can be made available to the data subject. Confidentiality, instead, is a more complex issue that deserves complex measures due to the kind of processes involved and the risks inherent to such processes.