It mostly depends on the kind of data processing carried out by the controller or the processor (i.e., is it computer-based or paper-based data processing?).
Article 32 GDPR lets the controller determine which technical security safeguards to adopt to ensure a level of security appropriate to the risk and able to guarantee:
resilience of systems
Of course, in computer-based data processing some basic technical security safeguards are:
access control (with different levels of account restrictions)
the use of a VPN service
The GDPR also suggests preferring cryptography and pseudonymization of data when possible. No specific remedy is listed, because the aim of the GDPR is to set principles that can withstand technological evolution.