Security check

GDPR technical security measures: art. 32, concretely

GDPR art. 32 requires 'appropriate technical measures' to protect personal data — but which? We check encryption, exposure and access and show where personal data risks leaking.

Run a free domain scan All checks →
Relates to: GDPR · art. 32 — security of processing ISO 27001 · A.8.24 / A.5.34 NIS2 · art. 21

What we check

We check the technical GDPR aspects: encryption in transit (TLS) and of secrets, exposed services that could leak personal data, security headers, and leaked credentials that grant unauthorised access to personal data.

Why it matters

GDPR art. 32 makes technical security measures a legal obligation, and a personal-data breach can lead to fines. Most leaks are technical — weak encryption, exposed databases, leaked keys — and they're measurable.

How Security Guru tests it

Common mistakes

  • Treating GDPR as legal only, not technical
  • Exposed database with personal data facing the internet
  • Weak or outdated TLS on services handling personal data
  • Leaked API keys opening personal-data stores

What you get in the report

  • Technical GDPR gaps mapped to art. 32
  • Where personal data risks leaking, prioritised
  • Concrete actions per finding
  • Input to your record of processing and DPA

FAQ

Is this legal GDPR advice?

No — we cover the TECHNICAL security measures in art. 32. Legal compliance (consents, record of processing) is out of scope.

Does it cover data breaches?

We help you detect the technical gaps that cause breaches — exposure, weak encryption, leaked keys.

Does personal data leave the environment?

No — the check is technical and doesn't read your personal data; deep scanning can run self-hosted.

Want to know your status?

Run a free scan or order a full Security Assessment — prioritised, not noise.

Run a free domain scan