Technical (protection) measures, means, technologies, rules and resources are mentioned multiple times throughout the GDPR text. The Regulation does not, however, specify any security technology implementation as obligatory (a few methods are suggested as optional solutions for the specific usage). Choice and evaluation of adequacy is the sole responsibility of the data controller and processor.