As of: December 11, 2023
Organizations that collect, process or use personal data themselves or on behalf of others must take the technical and organizational measures required to ensure compliance with data protection laws. Measures are only required if their effort is in reasonable proportion to the intended protection purpose.