According to GDPR, what should be done with data to ensure its confidentiality, integrity, and availability?
To ensure the confidentiality, integrity, and availability of data under GDPR, organizations are required to conduct a Data Protection Impact Assessment (DPIA). A DPIA helps identify and minimize data protection risks associated with personal data processing. This assessment is a comprehensive approach that aligns with GDPR requirements, focusing on evaluating how data processing impacts individuals and implementing measures to safeguard their data.
DPIA is the KEY term regarding GDPR and related risk about the processing.
According to GDPR, to ensure the confidentiality, integrity, and availability of data, the following actions should be taken: A. Perform a vulnerability assessment. A vulnerability assessment is the process of identifying and evaluating security vulnerabilities in an organization's information systems, applications, and network infrastructure. By performing a vulnerability assessment, an organization can identify potential security weaknesses and take appropriate action to mitigate or eliminate them. This is essential to ensuring the confidentiality, integrity, and availability of data. While conducting a data protection impact assessment, penetration testing, and awareness testing are also important aspects of a comprehensive data security strategy, they are not specifically mentioned in GDPR as measures to ensure the confidentiality, integrity, and availability of data.
C. https://www.itgovernance.co.uk/green-papers/penetration-testing-and-the-gdpr
B, but it could also be C, why not?