Compliance with principles and security obligations
Controllers must continue to comply with the data protection principles and ensure the security of personal data.
In addition, controllers must implement appropriate technical and organisational measures to ensure, among other things:
- the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
Guidance is available at:
Exemptions from complying with the principles are restricted to those specified in Schedule 9 to the GDPR and LED Implementing Regulations