PART 4Intelligence services processing
CHAPTER 4Controller and processor
Obligations relating to security
107Security of processing
1
Each controller and each processor must implement security measures appropriate to the risks arising from the processing of personal data.
2
In the case of automated processing, each controller and each processor must, following an evaluation of the risks, implement measures designed to—
a
prevent unauthorised processing or unauthorised interference with the systems used in connection with it,
b
ensure that it is possible to establish the precise details of any processing that takes place,
c
ensure that any systems used in connection with the processing function properly and may, in the case of interruption, be restored, and
d
ensure that stored personal data cannot be corrupted if a system used in connection with the processing malfunctions.