http://www.legislation.gov.uk/id/ukpga/2018/12

PART 4Intelligence services processing

CHAPTER 4Controller and processor

Obligations relating to security

107Security of processing

1

Each controller and each processor must implement security measures appropriate to the risks arising from the processing of personal data.

2

In the case of automated processing, each controller and each processor must, following an evaluation of the risks, implement measures designed to—

a

prevent unauthorised processing or unauthorised interference with the systems used in connection with it,

b

ensure that it is possible to establish the precise details of any processing that takes place,

c

ensure that any systems used in connection with the processing function properly and may, in the case of interruption, be restored, and

d

ensure that stored personal data cannot be corrupted if a system used in connection with the processing malfunctions.