The type of security, most commonly associated with GDPR compliance. The purpose of the technical safeguards is to prevent unauthorized technical access to the collected personal data and to ensure data availability in case of unforeseen events. Examples of what can be done to achieve the required technical level of security: Backups, antivirus, firewalls, encryption, pseudonymization, authenticity, m.mm.
The objective of the physical safeguards is to prevent unauthorized persons from getting physical access to personal data and equipment where personal data are processed. Examples of what can be done to ensure a necessary level of physical security: Theft alarms, locking important premises, ensuring that screens can not be read from the outside, m.mm.
The goal of organizational security is to ensure that only authorized persons have access to the personal data. Examples of what can be done to ensure the necessary organizational security level: Establish clear data management policies, establishing supervisory arrangements, and establishing clear rules for data erasure and destruction of data media.