Integrity and Confidentiality

A core data protection principle requiring that personal data be processed in a manner ensuring appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage. Integrity means data remains accurate, complete, and unaltered except through authorized changes. Confidentiality means data is protected from unauthorized access and disclosure. Together, these concepts encompass data security obligations. Organizations must implement technical and organizational measures appropriate to risks, including encryption, access controls, backup procedures, incident response capabilities, staff training, and vendor management. The principle recognizes that privacy protection is meaningless without security—data subject rights can't be exercised if data is compromised, transparent processing doesn't matter if data is stolen, and legal compliance is impossible without security foundations. Security measures should be risk-based, considering data sensitivity, potential harms, available technology, and implementation costs.