General Data Protection Regulation (GDPR)
Table of Contents
Chapter I – General provisions
Chapter II – Principles
Chapter III – Rights of the data subject
Chapter IV – Section 4
Chapter V – Section 5
Chapter VI – Independent supervisory authorities
Chapter VII – Cooperation and consistency
Chapter VIII – Remedies, liability and penalties
Chapter IX – Provisions relating to specific processing situations
Chapter X – Delegated acts and implementing acts
Chapter XI – Final provisions
Recitals (173)
Recital 83
(83) In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption. Those measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected. In assessing data security risk, consideration should be given to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage.