GDPR requires that personal data is processed in a manner that ensures appropriate security. A risk assessment will be carried out of the personal data held by UCC. This will be used to inform the security measures appropriate to UCC’s needs. These security measures may be technical and/or organisational. The IT Security Policy and any related procedures will be reviewed to ensure it satisfies the requirements of GDPR. The security measures will be documented to provide assurance to regulators of DP compliance.