Skip to main content
Version status: In force | Document consolidation status: Updated to reflect all known changes
Version date: 25 May 2018 - onwards
Version 2 of 2

72. Security measures for personal data

(1) In determining appropriate technical or organisational measures for the purposes of section 71(1)(f), a controller shall ensure that the measures provide a level of security appropriate to the harm that might result from accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, the data concerned.

(2) A controller or processor shall take all reasonable steps to ensure that -

(a) persons employed by the controller or the processor, as the case may be, and

(b) other persons at the place of work concerned,

are aware of and comply with the relevant technical or organisational measures referred to in subsection (1).