Law and standards

Technical and organisational measures (TOMs)

What are technical and organisational measures?

Technical and organisational measures are the safeguards the GDPR requires for the processing of personal data. Article 32 GDPR calls for a level of protection appropriate to the risk.

Article 32 names encryption, confidentiality, integrity, availability and resilience of systems as examples, along with a procedure for regularly testing whether the measures actually work. The legal text is available in the Austrian federal legal information system, guidance from the data protection authority.

In practice this means two things. The measures have to work in daily operation, and they have to be demonstrable when reviewed. The IT Check documents which of the technical measures are in place in your business.

All terms in the knowledge base

From the term to practice

Where does your business actually stand?

The IT Check reviews your IT across 8 audit areas with more than 100 individual checks and delivers documented findings with a prioritised action plan. From 1,299 € excl. VAT. The first call takes 20 minutes and carries no charge.

Book a first call