The GDPR law (article 32) requires every company to implement technical measures to ensure a level of security.
More specifically:
– the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
– a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures
This applies to every website since only by having a European citizen visit the website, the owner processes their personal data. And even more if the user leaves their email or other personal data on the website.
How to comply with this obligation?
