PART 3Law enforcement processing
CHAPTER 4Controller and processor
Overview and scope
55Overview and scope
1
This Chapter—
a
sets out the general obligations of controllers and processors (see sections 56 to 65);
b
sets out specific obligations of controllers and processors with respect to security (see section 66);
c
sets out specific obligations of controllers and processors with respect to personal data breaches (see sections 67 and 68);
d
makes provision for the designation, position and tasks of data protection officers (see sections 69 to 71).
2
This Chapter applies only in relation to the processing of personal data for a law enforcement purpose.
3
Where a controller is required by any provision of this Chapter to implement appropriate technical and organisational measures, the controller must (in deciding what measures are appropriate) take into account—
a
the latest developments in technology,
b
the cost of implementation,
c
the nature, scope, context and purposes of processing, and
d
the risks for the rights and freedoms of individuals arising from the processing.