About data security, GDPR requires to assure integrity, availability, reliability, and confidentiality of data taking into account the state of art, the purposes of the processing, the data involved, the scale of processing, and the cost. The controller must balance all these aspects in order to find the level of security which minimizes the risk for company data.
Company data require to be known to assure data subjects' rights and compliant data processing. All implementation processes start from knowing its own business and the kind of data processed, how data are processed, where data are stored, and who has access to them. We developed a toolkit to help organizations to make this process as easy as possible.