Therefore, the controller must conduct a risk analysis and – on this basis – take…
The (appropriate) measures a controller must take may include in particular the ones…
1. technical organizational measures to ensure that processing complies with the…
2. measures to ensure that it is subsequently possible to verify and establish whether…
3.measures to increase awareness of staff involved in processing operations,…
4.designation of a data protection officer,…
5.restrictions on access to personal data within the controller and by processor…
6.the pseudonymization of personal data,…
7.the encryption of personal data…
8. measures to ensure the ability, confidentiality, integrity, availability and resilience…
9.a process for regularly testing, assessing and evaluating the effectiveness of…
10.specific rules of procedure to ensure compliance with the FDPA and with the GDPR…
Compliance with Sec. 22 (2) FDPA does, however, not release the controller from complying…
