Bud P. Bruegger (ULD)
Acknowledgements: The author gratefully acknowledges the contribution of Frédéric Tronnier (GUF), who wrote an analysis of this principle as input to the description presented here.
The following discusses the principle of integrity and confidentiality that is defined in Art. 5(1)(f) GDPR.
Integrity and confidentiality at a glance:
The principle refers to the classical protection goals of IT security, namely confidentiality, integrity and availability (CIA). Resilience can be considered an aspect of availability. The main focus is to protect assets against risks caused by undesirable events. In stark contrast to IT security, these assets and risks are not those of the controller (an organization), but those of the data subjects. From this point of view, it is also clear why data portability falls under availability within this principle: it protects data subjects from losing an asset (represented by the data) when changing controller (mostly provider).