The collection of security products, people, and techniques that reduce a system’s vulnerability to threats, which is commensurate with the risk and magnitude of harm resulting from loss, unauthorized access, or mutation of the data.

The GDPR narrowly defines “appropriate safeguards” as one of several written legal terms (such as standard contractual clauses) required to perform cross-border transfers of personal data.