Art. 19 (2b) DGA:

"The entity shall take measures to ensure an appropriate level of security for the storage and processing of non-personal data that it has collected based on data altruism."

Art. 19a (1) DGA:

"The Commission shall adopt delegated acts in accordance with Article 28, supplementing this Regulation by establishing a rulebook, laying down:

[...]

(b) appropriate technical and security requirements to ensure the appropriate level of security for the storage and processing of data, as well as for the tools for obtaining and withdrawing consent and permission;

[...]"