# Security measures

## The GDPR strengthens the obligation of data security.

Securing personal data involves identifying and implementing examples of security measures proportionate to the risk identified by acting on:

* the "elements to be protected" (data): minimize, encrypt, anonymize, etc.
* "Potential impacts" (erasure, data breach): encryption, allowing to save data, trace activity, manage data breaches etc.
* "Sources of risk" (uncontrolled access, maintenance application, etc.): control access, manage third parties, fight against malicious code, etc.
* The "supports" (servers, networks, workstation ...): pseudonymisation, anonymisation, reduction of material vulnerabilities, software, networks, paper documents etc.
* "Cross-cutting actions" at entity level, the personal data protection policy integrates the protection of personal data in projects

Examples of security measures:

* Access rights
* Encryption
* Data masking
* Pseudonimization

For more information about security, consult the [**ICO personal data security guide**](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/).

## For more information

{% content-ref url="../../features/editer-le-registre/remplir-le-questionnaire/mesures-de-securite" %}
[mesures-de-securite](https://doc.dastra.eu/en/features/editer-le-registre/remplir-le-questionnaire/mesures-de-securite)
{% endcontent-ref %}