# Technical and organisational measures (TOMs)

**What are technical and organisational measures?**

Technical and organisational measures are the safeguards the GDPR requires for the processing of personal data. Article 32 GDPR calls for a level of protection appropriate to the risk.

Article 32 names encryption, confidentiality, integrity, availability and resilience of systems as examples, along with a procedure for regularly testing whether the measures actually work. The legal text is available in the Austrian federal legal information system, guidance from the data protection authority.

In practice this means two things. The measures have to work in daily operation, and they have to be demonstrable when reviewed. The IT Check documents which of the technical measures are in place in your business.

## Related terms
- [GDPR](https://vetosec.at/en/it-security/dsgvo/)
- [Data processing agreement (DPA)](https://vetosec.at/en/it-security/auftragsverarbeitung/)
- [Data breach notification duty](https://vetosec.at/en/it-security/meldepflicht-datenpanne/)
- [Encryption](https://vetosec.at/en/it-security/verschluesselung/)

## Source
https://vetosec.at/en/it-security/tom-dsgvo/ (vetosec, recht)
