Principle (f): Integrity and confidentiality (security)
-
The Data (Use and Access) Act 2026 got Royal Assent on 19 June 2026. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
You must ensure that you have appropriate security measures in place to protect the personal data you hold.
This is the ‘integrity and confidentiality’ principle of the GDPR – also known as the security principle.
For more information, see security.