University of Glasgow - MyGlasgow - Data Protection & Freedom of Information Office - A-Z topics

Security - The Integrity & Confidentiality Principle

Article 5(1)(f) of the GDPR requires that personal data is processed in a manner that ensures appropriate security of that data, including:

protection against unauthorised or unlawful processing
protection against accidental loss, destruction or damage
use of appropriate technical or organisational measures, such as
- pseudonymisation and encryption of personal data,
- ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services,
- restoring the availability and access to personal data in a timely manner in the event of a physical or technical incident
- regularly testing and evaluating the effectiveness of all technical and organisational safeguards

These requirements link with the provisions of the Computer Misuse Act.

For further guidance and information on the University's security policies, please see the IT Services Information Security policies and procedures.