skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration


Article 32 of GDPR endorses specific technical security measures. However, the reality of effective security under GDPR is far more cross-functional and integrated, spanning multiple articles and involving workflows that bridge departments and roles.


  • Security efforts within most organizations are siloed, both technically and organizationally. Proliferation of security point solutions, lack of cross-departmental processes and workflows, and GDPR's specific wording toward security requirements all contribute to a myopic, technology-centric approach.
  • GDPR's Article 32, which states requirements for security of processing, is often the focus of security efforts in the context of compliance. Because it mentions specific technologies, many organizations treat it as technical checklist; however, holistic security-related requirements are found throughout the entire regulation.
  • Security in the context of GDPR requires a highly integrated approach, both from a technical product perspective and from a human workflow perspective. Security needs to be embedded in cross-departmental processes, and security teams need to have open lines of communication with compliance stakeholders.

Features and Benefits

  • Evaluates the current security solution landscape and typical organizational approach to security, identifying shortcomings of siloed methodology in the GDPR compliance era.
  • Identifies parts of GDPR's Article 32 that contribute to the enterprise's technical, solution-centric approach to regulatory compliance.
  • Assesses the role of security in the broader scope of GDPR's requirements beyond Article 32.
  • Identifies current barriers, both technological and organizational, to integrating security efforts into broader enterprise compliance workflows.
  • Identifies several specific considerations to make when pursuing security technology and strategy under GDPR.

Key questions answered

  • What factors in the security technology market and regulatory landscape have contributed to an organizationally and technically siloed enterprise approach to security?
  • Why is Article 32 of GDPR frequently considered the foundation of security compliance efforts, and how do its requirements shape enterprise security strategy?

Table of contents

Ovum view

  • Summary
  • Security is siloed, but the enterprise isn't (entirely) to blame
  • GDPR's Article 32 is only a small part of compliant security
  • Thinking beyond the human and technological security bubble


  • Further reading
  • Author

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316

Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now