107 Security of processing
107 Security of processing

(1)     Each controller and each processor must implement security measures appropriate to the risks arising from the processing of personal data.

(2)     In the case of automated processing, each controller and each processor must, following an evaluation of the risks, implement measures designed to—

(a)     prevent unauthorised processing or unauthorised interference with the systems used in connection with it,

(b)     ensure that it is possible to establish the precise details of any processing that takes place,

(c)     ensure that any systems used in connection with the processing function properly and may, in the case of interruption, be restored, and