56General obligations of the controllerU.K.
This section has no associated Explanatory Notes
(1)Each controller must implement appropriate technical and organisational measures to ensure, and to be able to demonstrate, that the processing of personal data complies with the requirements of this Part.
(2)Where proportionate in relation to the processing, the measures implemented to comply with the duty under subsection (1) must include appropriate data protection policies.
(3)The technical and organisational measures implemented under subsection (1) must be reviewed and updated where necessary.