What is meant by TOM - Technical and organizational measures?

Technical and organizational measures (TOM) are a central component of data protection and data security law. TOM refers to the specific steps and precautions that organizations must take to adequately protect personal data. This includes technical security measures such as encryption, access controls and data backup, as well as organizational measures such as data protection guidelines, training and the implementation of data protection impact assessments. TOMs are designed to ensure that personal data is protected against unauthorized access, loss, destruction or other data breaches. The exact requirements for TOMs vary depending on the type of data processing and the risk to the data protection rights of the data subjects.