GDPR: a cornerstone in the protection of personal data
Regulation (EU) 2016/679 (GDPR) establishes the foundations of personal data protection already in Article 5, which sets out the general principles of processing, including integrity and confidentiality, aimed at ensuring data security. In fact, Article 5(1)(f) explicitly states: “Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).”
This principle finds concrete application in Article 32, “security of processing”, which requires controllers, including Certification Authorities, and processors to implement technical and organizational measures appropriate to the risk, to ensure the confidentiality, integrity, availability, and resilience of the data being processed.