GDPR-32-07 Data Governance 32 — Security of processing

Ensure personnel process data only on instructions or legal requirement

Description

Controllers and processors must take steps to ensure that any natural person acting under their authority who has access to personal data does not process them except on instructions from the...

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

GDPR-32-01 Requirement

Implement appropriate technical and organisational security measures

GDPR-32-02 Requirement

Implement pseudonymisation and encryption where appropriate

GDPR-32-03 Requirement

Ensure ongoing confidentiality, integrity, availability and resilience

GDPR-32-04 Requirement

Implement timely data recovery capabilities

GDPR-32-05 Requirement

Regularly test and evaluate security measures effectiveness

GDPR-32-06 Risk Management

Assess security risks in determining appropriate security level

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Ensure personnel process data only on instructions or legal requirement

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment