Article 2
Goals
The controller and the processor must take technical and organisational measures in order to ensure, depending on the level of protection required, that the data being processed:
- a. are only accessible to authorised persons (confidentiality);
- b. are available when they are required (availability);
- c. are not altered without authorisation or unintentionally (integrity);
- d. are processed in a traceable manner (traceability).