Creating TOMs

Technical and Organizational Measures (TOMs) are safeguards mandated by the General Data Protection Regulation (GDPR) to protect personal data. They help organizations reduce the risk of breaches and ensure compliance with GDPR, thereby maintaining the trust of individuals and avoiding legal penalties.

Types of TOMs 

Technical Measures involve using technology to protect data, such as:

  • Encryption: Securing data in transit and at rest.
  • Access Controls: Limiting data access to authorized personnel only.
  • Regular Software Updates: Keeping systems up to date to protect against vulnerabilities.
  • Network Security: Using firewalls, intrusion detection systems, and other tools to protect against cyber threats.

 

Organizational Measures involve policies and procedures within the organization, such as:

  • Data Protection Policies: Establishing rules and guidelines for handling personal data.
  • Employee Training: Educating staff about data protection and security practices.
  • Incident Response Plans: Preparing procedures for responding to data breaches.
  • Data Minimization: Collecting only the data necessary for a specific purpose and retaining it only for as long as needed.

 

Overview page 

The TOMs overview provides an initial glance at the protection goals and policies found in both the draft folder and the active folder.

 

 

In the TOMs overview, we differentiate between Draft and Active. Initially, TOMs are placed in the Draft section and are not yet considered "valid." Subsequently, the responsible person can use the "Set Active" button to move them to the Active section, making them officially part of the TOMs list.  

Protection Goals Listing: On the left-hand side, protection goals are listed. These goals form the basis of the TOMs that are assigned to them. You can find a comprehensive catalogue of TOMs to choose from.

Once active, TOMs can be formally declared to third parties.

 

Detail view page 

When you click on a policy, a window will open providing you with additional information about the policy. This includes the associated protection goals, the policy owner, its status, and a detailed policy description.

 

 

 

How to create TOMs

 

Via the catalogue 

 

1. On the menu bar on the left-hand side, go to "TOMs".

 

 

2. Click on "Catalog".

 

 

3. Go through the catalogue and select the TOMs that apply to your organization. 

4. Click "Set to active".

Once this step is done, the TOMs show up in the "Active" overview.

 

How to create TOMs – manually 

 

 

1. Click on "Add measure".

 

 

2. Fill out the form with the required information:  

  • Name of the measure
  • Protection goal
  • Owner
  • Status, to create individual policies
  • Description (optional)

 

Exporting TOMs 

 

 

You can export the data from the detail view of the TOMs dashboard for external use, such as audits or internal reviews. Follow these steps to export:

1. In the TOMs dashboard, click on the Export button at the top right.

2. The download will start automatically.

3. Unpack the downloaded zip file.
