(57)
Personal data should be processed in a manner that ensures their security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. To that end, business operators should take appropriate technical or organisational measures to protect personal data from possible threats. These measures should be assessed taking into consideration the state of the art and related costs.