Which of the following principles is crucial for the security of personal data under GDPR?

The principle highlighting that security measures must ensure the integrity and confidentiality of personal data is fundamental under the General Data Protection Regulation (GDPR). This principle is rooted in the requirements of Article 5(1)(f) of the GDPR, which mandates that personal data must be processed in a manner that ensures appropriate security. This includes protecting against unauthorized processing and accidental loss, destruction, or damage.

Ensuring integrity means that personal data should remain accurate and trustworthy, reflecting the true information of the data subjects. Confidently safeguarding confidentiality involves implementing measures to protect personal data from unauthorized access. Together, these aspects form a critical component of data protection, reinforcing the accountability of organizations in how they handle personal data.

It’s important to note that other options present misconceptions about data handling under GDPR. For instance, data cannot be stored indefinitely; it must be kept only as long as necessary for the purposes for which it was processed. Encryption, while highly recommended for protecting data, is not optional in all cases; it is part of standard security measures that data controllers should consider based on risk assessments. Lastly, the security of personal data is not solely the responsibility of the data subject; it is a shared responsibility that involves both data subjects and entities that process their data.