Skip to main content
Version status: In force | Document consolidation status: Updated to reflect all known changes
Version date: 25 May 2018 - onwards
Version 2 of 2

75. General obligations of controller with regard to technical and organisational measures

(1) A controller shall implement appropriate technical and organisational measures for the purposes of -

(a) ensuring that the processing of personal data for which it is responsible is performed in compliance with this Part, and

(b) demonstrating such compliance.

(2) A controller shall ensure that measures implemented in accordance with subsection (1) are reviewed at regular intervals and, where required, updated.

(3) The measures referred to in subsection (1) shall include the implementation of an appropriate data protection policy by the controller, where such implementation is proportionate in relation to the processing activities carried out by the controller.