Does GDPR apply for volatile data


GDPR aims to set standards (and requirements) on how sensitive data should be stored. Although, I couldn’t find any information on how (or if even) GDPR applies for sensitive data in a volatile state.

As an example, what if we are in the process of collecting data about users (with their consent) to store it. Although, this data goes through the machines RAM (as everything else that runs on the computer) where it could potentially be intercepted by malware therefore potentially enable leakage of sensitive information.

Is there a section in GDPR that addresses sensitive data in a volatile form or is it a potential loophole? (Mainly thinking about if the data should be encrypted while in-memory)