Guidance from the [[National Cyber Security Centre|NCSC]] about [[GDPR]] Data shall be: >[!quote] ...processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures - [[data protection by design]] means you've got to put appropriate controls in place - these are more than those in the [[Data Protection Act 1998]]