Processing agents shall adopt security, technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful destruction, loss, alteration, communication or any form of improper or illegal treatment.
- 1. The national authority may lay down minimum technical standards to make the provisions of the main section of this article applicable , taking into consideration the nature of the information processed, the specific characteristics of the processing and the current state of the technology, especially in the case of sensitive personal data, as well as the principles provided for in the caput of art. 6 of this Law.
- 2. The measures dealt with in the caput of this article shall be observed from the product or service conception phase until its execution.