Data Protection Act 2018
Security measures for personal data | ||
72. (1) In determining appropriate technical or organisational measures for the purposes of section 71 (1)(f), a controller shall ensure that the measures provide a level of security appropriate to the harm that might result from accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, the data concerned. | ||
(2) A controller or processor shall take all reasonable steps to ensure that— | ||
(a) persons employed by the controller or the processor, as the case may be, and | ||
(b) other persons at the place of work concerned, | ||
are aware of and comply with the relevant technical or organisational measures referred to in subsection (1). |