# DPC GDPR Data Security > Data security (Art. 32) for DPC self-assessment: risk assessment, technical and organisational measures, encryption, recovery, and secure destruction. Tags: DPC, GDPR, Ireland, Compliance, Security ## Example Prompts - Draft our security programme for the DPC checklist - Document our risk assessment and encryption measures - Assess our recovery and secure destruction procedures URL: https://rakenne.app/skills/dpc-gdpr-data-security/index.md Try this skill: https://rakenne.app/a/?skill=dpc-gdpr-data-security ## Overview Data security (Art. 32) for DPC self-assessment: risk assessment, technical and organisational measures, encryption, recovery, and secure destruction. ## Getting Started Add your source materials to the project workspace, then activate the *DPC GDPR Data Security* skill. The agent will guide you through the process step by step. ## Example conversation **You:** Our auditors want to see a written security programme and a risk assessment for personal data processing, aligned to GDPR Art. 32 and the DPC checklist. **Agent:** I'll use the data security reference (Art. 32 and DPC questions). I'll draft a risk assessment section: processing in scope, risks to individuals, and mitigation. Then a security programme covering: technical and organisational measures, encryption in transit and at rest, access control, backup and recovery, secure destruction when retention ends, and a designated person for security and breach investigation. I'll align each point to the DPC checklist questions so you can evidence them. ## Output excerpt ### Security programme (excerpt) **Risk assessment** — Processing in scope: customer DB, HR records, email. Main risks: unauthorised access, loss in transit, inadequate destruction. Mitigation: access control, encryption, retention and secure deletion. **Technical and organisational measures (Art. 32)** - Encryption in transit (TLS) and at rest (AES-256) for personal data. - Access limited by role; logging and review. - Backup and recovery tested; RTO [X] hours. - Secure destruction when retention ends (certified deletion / overwrite). - Designated person: [Name] for security and breach investigation. - Documented process for security-related complaints. *Aligned to DPC checklist: risk assessed, security programme documented, encryption, restoration, destruction, designated individual.* ## Extension and validation This skill does not include custom validation tools. Elaboration is guided by the skill workflow and reference materials. You can add tools in `extension.ts` later (e.g. to check required sections or checklist coverage) if you want automated validation. --- Back to [Skill Library](https://rakenne.app/skills/index.md)