Personal data must be ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.


To protect personal data, the Regulation promotes using techniques such as pseudonymization and encryption of personal data.