FantasticSearch

Data security Each Member State shall, in relation to its national border infrastructure, adopt the necessary measures, including a security plan and a business continuity and disaster recovery plan, in order to: physically protect data, including by making contingency plans for the protection of critical infrastructure; deny unauthorised persons access to data-processing equipment and national installations in which the Member State carries out operations in accordance with the purposes of the EES; prevent the unauthorised reading, copying, modification or removal of data media; prevent the unauthorised entering of data and the unauthorised inspection, modification or erasure of stored personal data; prevent the use of automated data-processing systems by unauthorised persons using data communication equipment; prevent the unauthorised processing of data in the EES and any unauthorised modification or erasure of data processed in the EES; ensure that persons authorised to access the EES have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only;

ensure that all authorities with a right of access to the EES create profiles describing the functions and responsibilities of persons who are authorised to enter, amend, erase, consult and search the data and make their profiles available to the supervisory authorities; ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment; ensure that it is possible to verify and establish which data have been processed in the EES, as well as when, by whom and for what purpose they have been processed; prevent the unauthorised reading, copying, modification or erasure of personal data during the transmission of personal data to or from the EES or during the transport of data media, in particular by means of appropriate encryption techniques; ensure that, in the event of an interruption, installed systems can be restored to normal operation; ensure reliability by making sure that any faults in the functioning of the EES are properly reported;

monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation.