Article 39.01
A data controller and data processor shall implement appropriate technical and organisational measures to ensure the security, integrity and confidentiality of personal data in its possession or under its control, including protections against accidental...
Article 39.02
Measures implemented under subsection (1) may include —
(a) pseudonymisation or other methods of de-identification of personal data;
(b) encryption of personal data;
(c) processes to ensure security, integrity, confidentiality, availability a...