You must ensure that you have appropriate security measures in place to protect the personal data you hold.
This is the ‘integrity and confidentiality’ principle of the GDPR – also known as the security principle.
For more information, see the security section of this guide.