Guidance for Controllers on Data Security
Data controllers in the private and public sectors hold increasing amounts of personal data on individuals. The decreasing cost of electronic storage and processing has greatly contributed to this. Organisations also increasingly outsource data processing to third party processors to undertake on their behalf. Many organisations also continue to hold large quantities of personal data in manual form - often in off-site locations. The following guidance has been prepared to aid data controllers and processors to ensure they meet their obligations with regard to the security of personal data they process.