[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIuq8qaoBolHGzZL0XehPlxlOjJ0RRWN5U47xbPYBKdQ":3},{"tableOfContents":4,"markDownContent":5,"htmlContent":6,"metaTitle":7,"metaDescription":7,"wordCount":8,"readTime":9,"title":10,"nbDownloads":11,"excerpt":7,"lang":12,"url":13,"intro":14,"featured":15,"state":16,"author":17,"authorId":18,"datePublication":22,"dateCreation":23,"dateUpdate":24,"mainCategory":25,"categories":41,"metaDatas":47,"imageUrl":55,"imageThumbUrls":56,"id":64},true,"## What does the GDPR say about security measures\r\n \r\nThe GDPR imposes a general obligation to ensure the security of personal data. This obligation derives from Article 5 1. f) and Article 32.\r\n \r\n**Article 5 1. f)**\r\n\r\n> Personal data must be [...] processed in such a way as to ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).\r\n\r\n**Article 32**\r\n\r\n>Having regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing and the risks to the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, inter alia, as necessary:\r\n> \r\n> a) pseudonymisation and encryption of personal data;\r\n> \r\n> b) means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services;\r\n> \r\n> c) means to restore the availability of and access to personal data within an appropriate timeframe in the event of a physical or technical incident;\r\n> \r\n> d) a procedure for regularly testing, analysing and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.\r\n\r\n \r\nEach processing operation must therefore be subject to a set of security measures decided according to the context. **These obligations are therefore always adapted to the specific features of the processing and the risks it presents for the rights and freedoms of the data subjects**.\r\n \r\nArticle 32 reiterates that all these security measures can reduce the risks to individuals. They thus preserve :\r\n \r\n▶ **The rights and freedoms of individuals**,\r\n \r\nbut also  \r\n\r\n ▶ **The organisation's information assets**,  \r\n ▶ **the organisation's reputation**.\r\n \r\nAt a time when risks to individuals are evolving rapidly (change in nature, different probability and severity, etc.) security measures must be integrated in order to reduce the risks to individuals, including over time.\r\n\r\n> NB: as safety is an ongoing process, it is important to regularly update and **check the procedures in place**.\r\n\r\nLet's go a step further and find out what Article 32.1 of the GDPR tells us:\r\n\r\n> \"**The controller and the processor have an obligation** to implement appropriate **technical, organisational measures** in order to guarantee a level of security **adapted to the risks**, and in particular: the pseudonymisation and encryption of personal data, the means to guarantee the confidentiality, integrity, availability, constant resilience of processing systems and services, the means to restore the availability of personal data and access to it within the appropriate timescales in the event of a physical or technical incident, a procedure to test, analyse, regularly evaluate the effectiveness of the technical and organisational measures to ensure the security of the processing. \"\r\n\r\nAs a result of the **extension of responsibility by the GDPR**, **these security obligations fall on the controller as well as the processor**. Finally, these measures not only protect individuals, but also their data: we are talking about **data integrity, confidentiality and availability**.\r\n \r\n## Reducing risks\r\n \r\nThe security obligation must be **understood in a global manner**, from the angle of 3 principles enabling risks to be reduced:\r\n \r\n▶ Principle of **confidentiality**\r\n \r\n▶ Principle of **integrity**\r\n \r\n▶ Principle of **availability**\r\n \r\nEach principle will help avoid a multitude of risks. For example:\r\n \r\n- Unauthorised access for data confidentiality,\r\n- Unjustified modifications for data integrity,\r\n- Data inaccessibility for data availability.\r\n\r\n**The sources of these risks can be multiple, and are calculated according to the probability of the risk occurring and the impact it could have if the risk became a reality**.\r\n\r\n> **Examples of risks** :\r\n> \r\n> Risks can be **internal** or **external**.\r\n> \r\n> **Stakeholders** (employees, visitors, competitors) mishandling data can accidentally or deliberately increase the risk of leakage, theft, loss, etc,\r\n> \r\n> The risk may come from malicious **attacks**, organised crime or other sources,\r\n> \r\n> Risk can also arise from **failures**, disasters, incidents, deliberate actions, etc.\r\n\r\nIn short, **every data processing operation can easily be subject to security risks**, which is why **security measures need to be put in place**.\r\n \r\n## Security measures\r\n \r\nA few examples of security measures are suggested by the GDPR but not imposed:\r\n \r\n▶ The **encryption** of data: only the sender and the recipient can access the content. Once encrypted, the specific key is required, otherwise the message is inaccessible and unreadable.\r\n \r\n▶ **Pseudonymisation**: replacing an identifier, or more generally personal data, with a pseudonym. It is still possible to re-identify the person by combining the pseudonym with other information (different from anonymisation).\r\n \r\nThe organisation is therefore obliged to take measures. There are 3 types of measures:\r\n \r\n▶ **physical** or **material** measures: locking doors, etc. ;\r\n \r\n▶**logical** or **software** measures: antivirus, password protection, etc;\r\n\r\n▶**organisational** measures: procedure, security governance.\r\n \r\n### Physical measures\r\n \r\nThis involves facilitating access to premises, while guaranteeing data security.\r\n\r\n> **Examples of measures** :\r\n> \r\n> - Install intruder alarms, with verification of access.\r\n> - Distinguish between areas of buildings according to risk, for example server rooms,\r\n> - Physically protect IT equipment,\r\n> - Install locks in each office,\r\n> - etc.\r\n\r\n### Logical measures\r\n \r\n▶ Adopt a rigorous password policy for access to workstations.\r\n\r\n**Examples**:  \r\n> - Unique identifier per user and prohibition of shared accounts.  \r\n> - Require strong passwords.  \r\n> - Temporarily block access to the account after several failed authentications.\r\n\r\n▶ Secure workstations.\r\n\r\n**Examples** :  \r\n> - Automatic locking of workstations following a short period of inactivity.  \r\n> - Control the use of USB ports on sensitive workstations.\r\n\r\n▶ Trace access to the active database and the various archives.\r\n\r\n> **Examples** :  \r\n> - Make the players responsible by creating a procedure for tracing actions on files.  \r\n> - Regular monitoring of traces via automated detection of suspicious actions.\r\n\r\n▶ Protect the internal computer network and servers from external attacks.\r\n\r\n> **Examples** :  \r\n> - Regularly updated firewalls and antivirus software.  \r\n> - Secure channels and authentication systems for remote connections.  \r\n> - Limit access to administration tools and interfaces to authorised personnel only.\r\n\r\n▶ Anticipate the risk of data loss or disclosure.\r\n\r\n> **Examples** :  \r\n> - Carry out regular back-ups and store them on a separate site.  \r\n> - Protect logging equipment and logged information.  \r\n> - Systematically encrypt data stored on mobile devices (USB sticks, smartphones, computers, etc.).\r\n\r\n### Organisational measures\r\n \r\nThese are complementary to the physical or logical measures, and structure and create the procedures for applying the chosen security measures.\r\n \r\n▶ Data access control policy.\r\n\r\n> **Examples**:  \r\n> - Define the procedures to be followed for each movement of personnel (arrival, departure, or change of assignment).  \r\n> - Carry out regular reviews of the rights granted to users.  \r\n> - Provide for checks to be carried out in the event of a request from a third party to transmit data (e.g. police services, etc).\r\n\r\n▶ Make users aware of the conditions under which data is used.\r\n\r\n> **Examples** :  \r\n> - Distribute and have each user sign an IT charter setting out the conditions for using IT equipment and personal data.  \r\n> - Regularly make users aware of internal and criminal rules, and of existing threats (vulnerabilities, cyber-manipulation, etc).  \r\n> - Document procedures for using data, update them and make them available to users.\r\n\r\n▶ Define a policy for managing incidents involving personal data.\r\n\r\n> **Examples** :  \r\n> - Establish a procedure in the event of theft/loss of personal data (people to notify, lodging a complaint, etc).  \r\n> - Provide for the contact person(s) to be notified in the event of a breach of data integrity, confidentiality or availability.\r\n\r\n▶ Provide for regular audits of procedures and processing.\r\n\r\n> **Examples** :  \r\n> - Identify the relevant processing operations for a regular internal or external audit,  \r\n> - Establish monitoring of the implementation of measures recommended following audits,  \r\n> - Establish criteria for reviewing risk analyses (deadlines, technological advances, vulnerabilities made public, etc.).","\u003Ch2 id=\"what-does-the-gdpr-say-about-security-measures\">What does the GDPR say about security measures\u003C/h2>\r\n\u003Cp>The GDPR imposes a general obligation to ensure the security of personal data. This obligation derives from Article 5 1. f) and Article 32.\u003C/p>\r\n\u003Cp>\u003Cstrong>Article 5 1. f)\u003C/strong>\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>Personal data must be [...] processed in such a way as to ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).\u003C/p>\r\n\u003C/blockquote>\r\n\u003Cp>\u003Cstrong>Article 32\u003C/strong>\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>Having regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing and the risks to the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, inter alia, as necessary:\u003C/p>\r\n\u003Col type=\"a\">\r\n\u003Cli>\u003Cp>pseudonymisation and encryption of personal data;\u003C/p>\r\n\u003C/li>\r\n\u003Cli>\u003Cp>means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services;\u003C/p>\r\n\u003C/li>\r\n\u003Cli>\u003Cp>means to restore the availability of and access to personal data within an appropriate timeframe in the event of a physical or technical incident;\u003C/p>\r\n\u003C/li>\r\n\u003Cli>\u003Cp>a procedure for regularly testing, analysing and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.\u003C/p>\r\n\u003C/li>\r\n\u003C/ol>\r\n\u003C/blockquote>\r\n\u003Cp>Each processing operation must therefore be subject to a set of security measures decided according to the context. \u003Cstrong>These obligations are therefore always adapted to the specific features of the processing and the risks it presents for the rights and freedoms of the data subjects\u003C/strong>.\u003C/p>\r\n\u003Cp>Article 32 reiterates that all these security measures can reduce the risks to individuals. They thus preserve :\u003C/p>\r\n\u003Cp>▶ \u003Cstrong>The rights and freedoms of individuals\u003C/strong>,\u003C/p>\r\n\u003Cp>but also\u003C/p>\r\n\u003Cp>▶ \u003Cstrong>The organisation's information assets\u003C/strong>,\u003Cbr />\r\n▶ \u003Cstrong>the organisation's reputation\u003C/strong>.\u003C/p>\r\n\u003Cp>At a time when risks to individuals are evolving rapidly (change in nature, different probability and severity, etc.) security measures must be integrated in order to reduce the risks to individuals, including over time.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>NB: as safety is an ongoing process, it is important to regularly update and \u003Cstrong>check the procedures in place\u003C/strong>.\u003C/p>\r\n\u003C/blockquote>\r\n\u003Cp>Let's go a step further and find out what Article 32.1 of the GDPR tells us:\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\"\u003Cstrong>The controller and the processor have an obligation\u003C/strong> to implement appropriate \u003Cstrong>technical, organisational measures\u003C/strong> in order to guarantee a level of security \u003Cstrong>adapted to the risks\u003C/strong>, and in particular: the pseudonymisation and encryption of personal data, the means to guarantee the confidentiality, integrity, availability, constant resilience of processing systems and services, the means to restore the availability of personal data and access to it within the appropriate timescales in the event of a physical or technical incident, a procedure to test, analyse, regularly evaluate the effectiveness of the technical and organisational measures to ensure the security of the processing. \"\u003C/p>\r\n\u003C/blockquote>\r\n\u003Cp>As a result of the \u003Cstrong>extension of responsibility by the GDPR\u003C/strong>, \u003Cstrong>these security obligations fall on the controller as well as the processor\u003C/strong>. Finally, these measures not only protect individuals, but also their data: we are talking about \u003Cstrong>data integrity, confidentiality and availability\u003C/strong>.\u003C/p>\r\n\u003Ch2 id=\"reducing-risks\">Reducing risks\u003C/h2>\r\n\u003Cp>The security obligation must be \u003Cstrong>understood in a global manner\u003C/strong>, from the angle of 3 principles enabling risks to be reduced:\u003C/p>\r\n\u003Cp>▶ Principle of \u003Cstrong>confidentiality\u003C/strong>\u003C/p>\r\n\u003Cp>▶ Principle of \u003Cstrong>integrity\u003C/strong>\u003C/p>\r\n\u003Cp>▶ Principle of \u003Cstrong>availability\u003C/strong>\u003C/p>\r\n\u003Cp>Each principle will help avoid a multitude of risks. For example:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Unauthorised access for data confidentiality,\u003C/li>\r\n\u003Cli>Unjustified modifications for data integrity,\u003C/li>\r\n\u003Cli>Data inaccessibility for data availability.\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>\u003Cstrong>The sources of these risks can be multiple, and are calculated according to the probability of the risk occurring and the impact it could have if the risk became a reality\u003C/strong>.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples of risks\u003C/strong> :\u003C/p>\r\n\u003Cp>Risks can be \u003Cstrong>internal\u003C/strong> or \u003Cstrong>external\u003C/strong>.\u003C/p>\r\n\u003Cp>\u003Cstrong>Stakeholders\u003C/strong> (employees, visitors, competitors) mishandling data can accidentally or deliberately increase the risk of leakage, theft, loss, etc,\u003C/p>\r\n\u003Cp>The risk may come from malicious \u003Cstrong>attacks\u003C/strong>, organised crime or other sources,\u003C/p>\r\n\u003Cp>Risk can also arise from \u003Cstrong>failures\u003C/strong>, disasters, incidents, deliberate actions, etc.\u003C/p>\r\n\u003C/blockquote>\r\n\u003Cp>In short, \u003Cstrong>every data processing operation can easily be subject to security risks\u003C/strong>, which is why \u003Cstrong>security measures need to be put in place\u003C/strong>.\u003C/p>\r\n\u003Ch2 id=\"security-measures\">Security measures\u003C/h2>\r\n\u003Cp>A few examples of security measures are suggested by the GDPR but not imposed:\u003C/p>\r\n\u003Cp>▶ The \u003Cstrong>encryption\u003C/strong> of data: only the sender and the recipient can access the content. Once encrypted, the specific key is required, otherwise the message is inaccessible and unreadable.\u003C/p>\r\n\u003Cp>▶ \u003Cstrong>Pseudonymisation\u003C/strong>: replacing an identifier, or more generally personal data, with a pseudonym. It is still possible to re-identify the person by combining the pseudonym with other information (different from anonymisation).\u003C/p>\r\n\u003Cp>The organisation is therefore obliged to take measures. There are 3 types of measures:\u003C/p>\r\n\u003Cp>▶ \u003Cstrong>physical\u003C/strong> or \u003Cstrong>material\u003C/strong> measures: locking doors, etc. ;\u003C/p>\r\n\u003Cp>▶\u003Cstrong>logical\u003C/strong> or \u003Cstrong>software\u003C/strong> measures: antivirus, password protection, etc;\u003C/p>\r\n\u003Cp>▶\u003Cstrong>organisational\u003C/strong> measures: procedure, security governance.\u003C/p>\r\n\u003Ch3 id=\"physical-measures\">Physical measures\u003C/h3>\r\n\u003Cp>This involves facilitating access to premises, while guaranteeing data security.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples of measures\u003C/strong> :\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Install intruder alarms, with verification of access.\u003C/li>\r\n\u003Cli>Distinguish between areas of buildings according to risk, for example server rooms,\u003C/li>\r\n\u003Cli>Physically protect IT equipment,\u003C/li>\r\n\u003Cli>Install locks in each office,\u003C/li>\r\n\u003Cli>etc.\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Ch3 id=\"logical-measures\">Logical measures\u003C/h3>\r\n\u003Cp>▶ Adopt a rigorous password policy for access to workstations.\u003C/p>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong>:\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cul>\r\n\u003Cli>Unique identifier per user and prohibition of shared accounts.\u003C/li>\r\n\u003Cli>Require strong passwords.\u003C/li>\r\n\u003Cli>Temporarily block access to the account after several failed authentications.\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Cp>▶ Secure workstations.\u003C/p>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong> :\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cul>\r\n\u003Cli>Automatic locking of workstations following a short period of inactivity.\u003C/li>\r\n\u003Cli>Control the use of USB ports on sensitive workstations.\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Cp>▶ Trace access to the active database and the various archives.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong> :\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Make the players responsible by creating a procedure for tracing actions on files.\u003C/li>\r\n\u003Cli>Regular monitoring of traces via automated detection of suspicious actions.\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Cp>▶ Protect the internal computer network and servers from external attacks.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong> :\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Regularly updated firewalls and antivirus software.\u003C/li>\r\n\u003Cli>Secure channels and authentication systems for remote connections.\u003C/li>\r\n\u003Cli>Limit access to administration tools and interfaces to authorised personnel only.\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Cp>▶ Anticipate the risk of data loss or disclosure.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong> :\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Carry out regular back-ups and store them on a separate site.\u003C/li>\r\n\u003Cli>Protect logging equipment and logged information.\u003C/li>\r\n\u003Cli>Systematically encrypt data stored on mobile devices (USB sticks, smartphones, computers, etc.).\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Ch3 id=\"organisational-measures\">Organisational measures\u003C/h3>\r\n\u003Cp>These are complementary to the physical or logical measures, and structure and create the procedures for applying the chosen security measures.\u003C/p>\r\n\u003Cp>▶ Data access control policy.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong>:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Define the procedures to be followed for each movement of personnel (arrival, departure, or change of assignment).\u003C/li>\r\n\u003Cli>Carry out regular reviews of the rights granted to users.\u003C/li>\r\n\u003Cli>Provide for checks to be carried out in the event of a request from a third party to transmit data (e.g. police services, etc).\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Cp>▶ Make users aware of the conditions under which data is used.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong> :\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Distribute and have each user sign an IT charter setting out the conditions for using IT equipment and personal data.\u003C/li>\r\n\u003Cli>Regularly make users aware of internal and criminal rules, and of existing threats (vulnerabilities, cyber-manipulation, etc).\u003C/li>\r\n\u003Cli>Document procedures for using data, update them and make them available to users.\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Cp>▶ Define a policy for managing incidents involving personal data.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong> :\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Establish a procedure in the event of theft/loss of personal data (people to notify, lodging a complaint, etc).\u003C/li>\r\n\u003Cli>Provide for the contact person(s) to be notified in the event of a breach of data integrity, confidentiality or availability.\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n\u003Cp>▶ Provide for regular audits of procedures and processing.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>Examples\u003C/strong> :\u003C/p>\r\n\u003Cul>\r\n\u003Cli>Identify the relevant processing operations for a regular internal or external audit,\u003C/li>\r\n\u003Cli>Establish monitoring of the implementation of measures recommended following audits,\u003C/li>\r\n\u003Cli>Establish criteria for reviewing risk analyses (deadlines, technological advances, vulnerabilities made public, etc.).\u003C/li>\r\n\u003C/ul>\r\n\u003C/blockquote>\r\n",null,1246,7,"What security measures should be applied under the GDPR?",0,"en","what-security-measures-should-be-applied-under-the-gdpr","This article sets out the obligations of data controllers and processors and provides numerous examples of how to implement the appropriate technical and organisational measures to guarantee a level of security appropriate to the risks.",false,"Published",{"id":18,"displayName":19,"avatarUrl":20,"bio":7,"blogUrl":7,"color":7,"userId":18,"creationDate":21},38,"Paul-Emmanuel Bidault","https://static.dastra.eu/tenant-27/avatar/38/paul-emmanuel-bidault-150.jpg","2019-12-03T19:09:28","2023-12-27T13:39:00.099","2023-12-27T14:38:58.7395799","2026-02-04T14:27:19.2462186",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":31},2,"Blog","A list of curated articles provided by the community","blog","#28449a",[32,35,38],{"lang":33,"name":27,"description":34},"fr","Une liste d'articles rédigés par la communauté",{"lang":36,"name":27,"description":37},"es","Una lista de artículos escritos por la comunidad",{"lang":39,"name":27,"description":40},"de","Eine Liste von Artikeln, die von der Community verfasst wurden",[42],{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":43},[44,45,46],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},[48,51],{"typeMetaDataId":26,"value":49,"id":50},"https://www.dastra.eu/en/product-features/data-breach",111705,{"typeMetaDataId":52,"value":53,"id":54},3,"Find out how to ensure data breach compliance",111706,"https://static.dastra.eu/content/a7f4fea1-03a6-40d9-bbc1-f4a8d12d1d78/security-1000-1000.png",[57,58,59,60,61,62,63],"https://static.dastra.eu/content/a7f4fea1-03a6-40d9-bbc1-f4a8d12d1d78/security-1000-1000.webp","https://static.dastra.eu/content/a7f4fea1-03a6-40d9-bbc1-f4a8d12d1d78/security-1000.webp","https://static.dastra.eu/content/a7f4fea1-03a6-40d9-bbc1-f4a8d12d1d78/security-1000-1500.webp","https://static.dastra.eu/content/a7f4fea1-03a6-40d9-bbc1-f4a8d12d1d78/security-1000-800.webp","https://static.dastra.eu/content/a7f4fea1-03a6-40d9-bbc1-f4a8d12d1d78/security-1000-600.webp","https://static.dastra.eu/content/a7f4fea1-03a6-40d9-bbc1-f4a8d12d1d78/security-1000-300.webp","https://static.dastra.eu/content/a7f4fea1-03a6-40d9-bbc1-f4a8d12d1d78/security-1000-100.webp",56344]