- All practicable steps shall be taken to ensure that personal data is protected against unauthorised or accidental access, processing, erasure, loss and use
- Security in the storage, processing and transmission of data.
- If a data user engages a data processor to process personal data on the data user’s behalf, the data user must adopt contractual or other means to prevent unauthorised or accidental access, processing, erasure, loss or use of the data transferred to the data processor for processing
