
Security measures to take under the GDPR

The GDPR requires you to have appropriate technical measures in place to protect the personal data that you are processing.

Here are some security measures you could take:


  • Malware protection
  • Up-to-date virus scan
  • Secure USB sticks such as the datAshur PRO2
  • Adequate security for employees' phones (including BYOD)
  • BitLocker
  • Unique login code and password
  • Encrypted email
  • Pseudonymizing personal data
  • No unsecured external hard drives
  • Do not make unsecured backups
  • Make sure that requests from data subjects are carried out not only on regular servers but also on the backup server. Should you have to restore your data, it must be up to date and the requests of data subjects must still have been carried out.
  • Do not store documents on a private laptop
  • Two-factor or multi-factor authentication for all devices and for all accounts where possible
  • Transmission control: e.g. an SSL certificate for websites (https://) to protect data transferred through forms
  • Vulnerability management covers vulnerability scanning, security updating and penetration testing.