Integrity and confidentiality

This principle, effectively the 'security principle', states that personal data shall be:

"processed in a way that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures".

This replicates the generality of the requirements in the Data Protection Act 2002; however, the Applied GDPR provides more specific security requirements in Article 32, which should be read together with together with Recitals 74-78.  This is in addition to the generality of Article 24, the responsibility of the controller to implement appropriate technical and organisational measures to ensure and be able to demonstrate that processing is performed in accordance with the Applied GDPR.  This includes the implementation of appropriate internal data protection policies, updated and reviewed as necessary.

The security of personal data is specifically dealt with in Section 2 of Chapter IV of the Applied GDPR in Articles 32 - 34 and more can be found on this website.