Art 40 - The person responsible for the processing shall take all precautions with regard to the
nature of the data and especially, to prevent it from being distorted, damaged, or that
unauthorized parties have access.
When the processing is implemented on behalf of the person responsible for the processing,
he/she chooses a subcontractor that provides sufficient to meet the technical and organizational
security measures relating to the processing performed. It is the responsibility of the person
responsible for the processing as well as sub-contractor to ensure compliance with those
measures.
Art 41- he person responsible for the processing shall:
-
prevent any unauthorized person from having access to the installations used for data
processing;
-
prevent data media from being read, copied, modified or removed by unauthorized persons;
-
prevent the unauthorized introduction of any data in the information system, and
unauthorized inspection, modification or deletion of recorded data;
-
prevent data processing systems from being used for money laundering and terrorist
financing;
-
Ensure that when using an automated data processing system, authorized persons do not
have access to data under their authority;
-
Ensure that the identity of parties to whom the data may be transmitted by transmission
facilities; can be verified and ascertained
-
Ensure that posteriori identity of persons having access to information containing personal
data system , the nature of data that have been introduced , modified, altered , copied,
deleted or read in the system, the time at which the data were manipulated can be verified
and established a ;
-
prevent data from being read , copied, modified, altered or erased in an unauthorized
manner, when releasing data and transporting support ,
-
Save the data by creating backup copies for security protection. The person responsible for
the processing must implement all technical measures and appropriate organization to
protect data he/she processes against accidental or unlawful destruction or accidental loss,
alteration, disclosure or unauthorized access in particular where the processing involves the
transmission of data over a network, and against all other unlawful forms of processing.
Art 42- The person responsible for the processing is required to prepare an annual report for
the data protection body on compliance with the provisions announced in Article 41 of this
law.
Art 43- The personal data are kept for a period fixed by the data Protection Body according to
the goals of each type of processing for which they were collected in accordance with
applicable laws.