Compliance with principles and security obligations

Controllers must continue to comply with the data protection principles and ensure the security of personal data.

In addition, controllers must implement appropriate technical and organisational measures to ensure, among other things:

Guidance is available at:


Exemptions from complying with the principles are restricted to those specified in Schedule 9 to the GDPR and LED Implementing Regulations