Data Security Under the GDPR | Practical Law
A Practice Note discussing data security obligations under the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), including European Data Protection Board (EDPB) and EU Agency for Cybersecurity (ENISA) guidance on appropriate security measures, encryption, and pseudonymization. This Note also addresses controller and processor roles and responsibilities, data protection by design and default, security and data protection impact assessments (DPIAs), sanctions for non-compliance, and potential overlap between the GDPR and EU Security of Network and Information Systems (NIS) Directives.