There aren't that many changes, in the sense that the article dealing with protection and adequate security measures will still be technology-neutral. We're referring to current standards. As lawyers practising in this field, we will often rely on decisions handed down by privacy commissioners, who will cite the type of measures that were expected to be in place at the time, in the context and according to the given technology. I think it's right to keep that flexibility, to make sure we're relying on the security standards of the day, which are constantly evolving.
On October 24th, 2023. See this statement in context.