http://www.legislation.gov.uk/id/ukpga/2018/12/enacted

PART 3Law enforcement processing

CHAPTER 4Controller and processor

Overview and scope

55Overview and scope

1

This Chapter—

a

sets out the general obligations of controllers and processors (see sections 56 to 65);

b

sets out specific obligations of controllers and processors with respect to security (see section 66);

c

sets out specific obligations of controllers and processors with respect to personal data breaches (see sections 67 and 68);

d

makes provision for the designation, position and tasks of data protection officers (see sections 69 to 71).

2

This Chapter applies only in relation to the processing of personal data for a law enforcement purpose.

3

Where a controller is required by any provision of this Chapter to implement appropriate technical and organisational measures, the controller must (in deciding what measures are appropriate) take into account—

a

the latest developments in technology,

b

the cost of implementation,

c

the nature, scope, context and purposes of processing, and

d

the risks for the rights and freedoms of individuals arising from the processing.