Chapter 4 · Controller and Processor

Article 32Security of processing

All 99 Articles Chapter 4: Controller and Processor

You must implement appropriate technical and organisational security measures for the risk — potentially including encryption, pseudonymisation, resilience and regular testing.

Key points

  • Security must be proportionate to the risk to individuals.
  • Examples: encryption, pseudonymisation, access control, backups, testing.
Read the official text on EUR-Lex

Related articles

33Notification of a breach to the supervisory authority34Communication of a breach to the data subject25Data protection by design and by default5Principles relating to processing of personal data24Responsibility of the controller28Processor
Practical guidance

These summaries are a plain-English orientation only and are not a substitute for the official text of the Regulation or for legal advice.

Need to apply Article 32?

Our data-protection lawyers turn the text into a plan.

Talk to a lawyer
Back to all articles