GDPR Fundamentals: Data Security Requirements
While GDPR is primarily a data privacy law, it also includes elements of data security. But of course, GDPR is ambiguous so it’s not very prescriptive when it comes to data security requirements for processing personal data. The law requires each organization to evaluate its own data security based risk, processing activities, and its organizational structure.