Measures implemented by an organisation with the aim of protecting the privacy of individuals in respect of its “offline” data (i.e. paper-based records, internal systems etc.).