Technical and organisational measures in compliance with GDPR

Art. 32 GDPR defines various areas of security for which appropriate technical and organisational measures (TOMs) are to be taken. The aim is to ensure an appropriate level of protection, taking into account the state of the art, the necessary effort and assessing risks. [Legal text at EUR-LEX]

The following technical and organisational measures defined for votesUP are only part of the security scheme: the basic server operation is ensured by the provider Hetzner as a subprocessor. The TOMs of the provider can be retrieved from

Data protection is an ongoing task. The IT world continues to evolve. Organisational measures depend on the size of an accompanying team and are based on risk assessments. Therefore, we will constantly adapt the TOMs to current developments and also improve them on the basis of empirical values.

1. Pseudonymisation

2. Encryption

3. Ensuring confidentiality

4. Ensuring integrity

5. Ensuring availability

6. Ensuring the resilience of the systems

7. Procedures for restoring the availability of personal data after a physical or technical incident

8. Procedures for regular review, assessment and evaluation of the effectiveness of technical and organisational measures


Last TOM update: 22/05/2021