Article 32 states that controllers and processors shall implement appropriate technical and organisational measures to ensure a degree of safety acceptable to the danger of the processing. Rather, the GDPR adopts a proportionate, context-specific method to security. A course of for frequently testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the...